I am using the Windows Azure toolkit for Windows Phone to authorize the user with the help of Access Control Service. What is the supposed way to renew the session token in your app? It seems that all samples on the web ask the user to sign in every 10 minutes (that's the default token expiration time; increasing it to the maximum allowed 24 hours doesn't really solve the problem, as I want to sign in only once).
Is it possible to retrieve a token that remains valid until the user explicitly revokes access for my app? Then I can store this token on the phone and use it to authorize service calls on the user's behalf.
Currently ACS doesn't provide a mechanism to renew tokens. The workaround is to make the token live longer (increase the token lifetime on the portal). But if you're using an identity provider like Live ID, the user can choose to remember the password. Then he doesn't have to manually type the password every time he tries to sign in. Your program can make this process more transparent. For example, try to connect to your service. If the service detects the token has expired, your Windows Phone application automatically opens the browser and asks the user to sign in again and get a new token. If the user chose to remember the password, he will see the browser window briefly show up and then disappear without any action.
Best Regards,
Ming Xu.
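
The retry flow described in the answer above, sketched as an added example (not code from the post or from the toolkit). It assumes the relying party is configured for SWT tokens, which carry an `ExpiresOn` field in seconds since the Unix epoch; `AcsTokenSession`, `signIn` and `callService` are hypothetical names standing in for the app's own sign-in browser and service call.

```csharp
using System;
using System.Net;

// Added illustration; every type and member name here is hypothetical.
public sealed class AcsTokenSession
{
    private static readonly DateTime Epoch =
        new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

    private readonly Func<string> signIn;                      // opens the sign-in browser, returns a fresh token
    private readonly Func<string, HttpStatusCode> callService; // sends the request with the token attached
    private string token;

    public AcsTokenSession(string storedToken, Func<string> signIn,
                           Func<string, HttpStatusCode> callService)
    {
        this.token = storedToken;
        this.signIn = signIn;
        this.callService = callService;
    }

    // Reads ExpiresOn from an SWT (form-encoded name=value pairs).
    // A missing, malformed or out-of-range value is treated as expired.
    public static bool IsExpired(string swt, DateTime utcNow)
    {
        if (string.IsNullOrEmpty(swt)) return true;
        foreach (string pair in swt.Split('&'))
        {
            string[] kv = pair.Split(new[] { '=' }, 2);
            long seconds;
            if (kv.Length == 2
                && Uri.UnescapeDataString(kv[0]) == "ExpiresOn"
                && long.TryParse(Uri.UnescapeDataString(kv[1]), out seconds)
                && seconds >= 0 && seconds <= uint.MaxValue)
            {
                return Epoch.AddSeconds(seconds) <= utcNow;
            }
        }
        return true;
    }

    public HttpStatusCode Invoke()
    {
        // The local check only saves a wasted round trip. The client cannot
        // verify the token's signature, so the service remains the authority.
        if (IsExpired(token, DateTime.UtcNow)) token = signIn();

        HttpStatusCode status = callService(token);
        if (status == HttpStatusCode.Unauthorized)
        {
            // Service rejected the token (expired, or clocks disagree):
            // sign in again and retry exactly once to avoid a sign-in loop.
            token = signIn();
            status = callService(token);
        }
        return status;
    }
}
```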