The viewer login duration is dependent on the authorization token and refresh token. Here are their default durations:
- The authorization token is good for one week.
- The refresh token is good for one month.
If authentication is required, the viewer must use their login credentials to use the Beacon app. The question is then how long is the duration of successful login valid. The answer to this question is controlled by the duration of the authorization and refresh tokens.
- The authorization token duration sets how long the viewer can use the app without re-authenticating. For instance, if the authentication token duration is valid for five days, every five days the viewer must use their credentials to log in again.
- As a courtesy to viewers, you may wish to not force them to login too frequently, but still insure security. This is where a refresh token can be used. The use of the refresh token is as follows:
- The viewer's authorization token expires or somehow becomes invalid.
- The authorization server uses a valid refresh token to allow the viewer to obtain a new authorization token.
- The viewer gets a new authorization token and can continue to use the Beacon app.
Of course, at some point the refresh token expires and the viewer must use their credentials to log in again.