Automatic logout from simple-ember-auth/oauth2-server after inactivity

Time: 2021-10-09 05:27:08

I have implemented a simple-ember-auth on the front and oauth2-server on the back, using password and refresh_token grants. When the authorisation token is about to expire (this time is set on the server), simple-ember-auth issues a refresh token request, and gets a new authorisation token.


That's cool, however, I need to automatically invalidate the session after a certain inactivity time. Currently, OAuth2PasswordGrantAuthenticator seems to issue the token refresh request ad infinitum.


I would welcome any suggestions or thoughts on how to implement this.

1 solution

#1


3  

As @Lux mentioned in a comment, you have to implement user activity detection. You could therefore observe events like keypress, mousemove, scroll etc. on the window element. If it's not about activity but just whether the page is in focus, you could consider the Page Visibility API. If it's more about interaction with your application, perhaps observe Ember events like transitions.

Use Ember.debounce to call OAuth2PasswordGrantAuthenticator invalidate() method only if there wasn't any user activity.


Maybe best implemented in an Application Instance Initializer.

Something like this (not tested):


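// app/instance-initializers/logout-if-inactive.js
import Ember from 'ember';

export function initialize(applicationInstance) {
  var session = applicationInstance.lookup('service:session');
  var logoutAfter = 15 * 60 * 1000; // in milliseconds
  // Every call restarts the debounce window, so session.invalidate() runs
  // only after logoutAfter milliseconds without another call.
  var logout = function() {
    Ember.run.debounce(session, 'invalidate', logoutAfter);
  };
  // Any pointer movement or key press counts as user activity.
  window.onmousemove = logout;
  window.onkeypress = logout;
}

export default {
  name: 'logout-if-inactive',
  after: 'session',
  initialize: initialize
};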
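
A framework-independent version of the inactivity timer described in the answer above, added here as an example (it is not code from the answer or from the authentication library). createIdleTracker and attachToWindow are hypothetical names, and onIdle is assumed to be where the application calls session.invalidate(). It decides from timestamps, so an event that arrives after a throttled or suspended timer's deadline ends the session instead of extending it.

```javascript
// Added example; createIdleTracker and attachToWindow are hypothetical names.
function createIdleTracker({ timeoutMs, onIdle, now = Date.now,
                             setTimer = setTimeout, clearTimer = clearTimeout }) {
  let lastActivity = now();
  let timer = null;
  let fired = false;

  const expired = () => now() - lastActivity >= timeoutMs;

  function arm(delay) {
    if (timer !== null) clearTimer(timer);
    timer = setTimer(check, delay);
  }

  function logout() {
    fired = true;
    if (timer !== null) clearTimer(timer);
    timer = null;
    onIdle();
  }

  // Decide from the recorded timestamp, not from the timer having fired:
  // timers run late in background tabs and across a laptop suspend.
  function check() {
    if (fired) return;
    if (expired()) return logout();
    arm(timeoutMs - (now() - lastActivity));
  }

  // Call on every user event. An event that arrives after the deadline
  // ends the session instead of extending it.
  function activity() {
    if (fired) return;
    if (expired()) return logout();
    lastActivity = now();
    arm(timeoutMs);
  }

  arm(timeoutMs);
  return { activity, check, isIdle: () => fired };
}

// Browser wiring (assumes a DOM window object); not called in this block.
function attachToWindow(win, tracker) {
  ['mousemove', 'keydown', 'scroll'].forEach((type) =>
    win.addEventListener(type, tracker.activity, { passive: true }));
  // Page Visibility API: re-check as soon as the tab becomes visible again.
  win.document.addEventListener('visibilitychange', () => {
    if (win.document.visibilityState === 'visible') tracker.check();
  });
}
```

This only ends the session in the browser; the lifetime of the refresh token is still whatever the server sets.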
