Open archived-m opened 7 years ago
Mobile users should not have to log in as much as they have to. Check & follow best practices for authentication
Mobile tokens should never expire or last for a very long time, so I'd set a request header in the mobile app that we verify server-side. We can then determine token expiry time based on who requested it.
Mobile users should not have to log in as much as they have to. Check & follow best practices for authentication