archived-m
commented
6 years ago Mobile tokens should never expire or last for a very long time, so I'd set a request header in the mobile app that we verify server-side. We can then determine token expiry time based on who requested it.
Mobile users should not have to log in as much as they have to. Check & follow best practices for authentication