if you are designing an API, which allows iOS native application to communicate, you need a token refreshing mechanism, because you don't want keep asking iOS user to enter user name and password every time using your app. you just want them to send a refresh token to re-authenticate, and the token is generated from your own trusted source...
while if the API is supporting web page at the same time, your token generator needs to know which application is sending the request, so you need to generate a different logic to handle...
it sounds complicated, right? because it is, if this world is full of nice people, we won't even have such a problem.
because there are a lot of different implementations, you have to dig on your own.
while if the API is supporting web page at the same time, your token generator needs to know which application is sending the request, so you need to generate a different logic to handle...
it sounds complicated, right? because it is, if this world is full of nice people, we won't even have such a problem.
because there are a lot of different implementations, you have to dig on your own.