#594 Query on authentication mechanism and token expiry

Pun Mum Wed 7 Mar 2018

Hi All,

I have a query on SCRAM authentication mechanism.

At the last step, after successful completion of authentication, a Bearer Token is issued to the Haystack client by the Haystack server. Generation of the Bearer Token is implementation specific.

The Haystack client should send this Bearer Token to the Haystack server for all subsequent Haystack op executions.

Queries:

  1. When will this Bearer Token expire? I assume this is implementation specific and the expiry time can be anything (e.g. 30 min, 1 day, etc.)
  2. Once expired, how will the token be renewed? Is it necessary for the Haystack client to start the authentication mechanism again? Or is there any other mechanism/concept defined in Haystack?

Thanks.

Brian Frank Wed 7 Mar 2018

The Bearer token can be expired or canceled at will whenever your server wants. When that happens you return 401 to challenge the client. It doesn't really matter whether there is no bearer token, a fake bearer token, or an expired bearer token - from the server's perspective the client doesn't have a valid token, so the server issues the 401 challenge.

Clients should always be prepared to deal with a 401 and re-authenticate.
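The challenge-and-retry behaviour described above, as an added Python sketch that is not part of this thread or of any Haystack library: a toy server that answers 401 identically for a missing, forged or expired token, and a client that re-authenticates once when challenged and then retries the op. The `BEARER authToken=` header layout, the 30-minute TTL and the one-call SCRAM stand-in are assumptions made for the example.

```python
import secrets

class HaystackServer:
    """Toy server: issues Bearer tokens and tracks their expiry (constructed)."""
    def __init__(self, token_ttl_s, clock):
        self.token_ttl_s, self.clock = token_ttl_s, clock
        self._tokens = {}  # token -> expiry time
    def finish_scram(self, user):
        # Stand-in for the final SCRAM step; the token format is implementation specific.
        token = secrets.token_urlsafe(16)
        self._tokens[token] = self.clock() + self.token_ttl_s
        return token
    def handle_op(self, op, auth_header):
        # Missing, fake and expired tokens all get the same answer: 401.
        prefix = "BEARER authToken="  # header layout is an assumption for this toy
        if not auth_header or not auth_header.startswith(prefix):
            return 401, None
        expiry = self._tokens.get(auth_header[len(prefix):])
        if expiry is None or expiry <= self.clock():
            return 401, None
        return 200, f"result of {op}"

class HaystackClient:
    """Keeps one token and re-authenticates when the server challenges with 401."""
    def __init__(self, server, user):
        self.server, self.user = server, user
        self.token, self.reauth_count = None, 0
    def call(self, op):
        # Send the op with the current token; on 401 re-authenticate once and retry.
        for attempt in range(2):
            header = f"BEARER authToken={self.token}" if self.token else None
            status, body = self.server.handle_op(op, header)
            if status != 401:
                return status, body
            if attempt == 0:
                self.token = self.server.finish_scram(self.user)  # SCRAM exchange elided
                self.reauth_count += 1
        return 401, None  # re-authentication itself was rejected; surface it

def demo():
    now = [0.0]  # controllable clock so expiry can be simulated offline
    server = HaystackServer(token_ttl_s=1800, clock=lambda: now[0])  # 30 min TTL
    client = HaystackClient(server, "alice")
    r1 = client.call("about")   # no token yet -> 401 -> SCRAM -> retry -> 200
    now[0] += 1801              # let the token expire
    r2 = client.call("read")    # expired -> 401 -> re-auth -> 200
    client.token = "forged"     # a fake token is indistinguishable from none
    r3 = client.call("nav")
    return r1[0], r2[0], r3[0], client.reauth_count
```

Capping the retry at one attempt keeps a client whose credentials have actually been revoked from looping forever against the 401.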
