Mobile Authenticators
While they are visible on the UI, mobile authenticators are disabled in the current release. They will be enabled in a later release.
There are two authenticators that can be used in conjunction with the ThingWorx Mobile App Builder:
ThingWorx Mobile Token Authenticator
ThingWorx Mobile Authorization Authenticator
Unlike the other system authenticators, these can be edited and must be enabled.
Mobile Authenticator Token Expiration Dates
Mobile tokens for the ThingWorx authenticators have an expiration date. The token lifetime used to generate the expiration date is configured in the ThingWorx Mobile Authorization Authenticator configuration. By default, a mobile token expires approximately 30 days after its creation date-time; to change this, edit the tokenLifeTime field on the ThingworxMobileAuthorizationAuthenticator configuration page.
To determine the expiration date for a mobile token, add the tokenLifeTime value to the creation date of the mobile token.
Enabling and Disabling Mobile Authenticators
You can disable the ThingworxMobileTokenAuthenticator and thereby require end clients to always use mobile authorization base64-encoded credentials. In that case, it is not recommended that the ThingworxMobileAuthorizationAuthenticator generate mobile tokens in response to a valid credential authentication: uncheck the generateTokens check box on the ThingworxMobileAuthorizationAuthenticator configuration page.
If you enable the ThingworxMobileAuthorizationAuthenticator, you will only be able to authenticate using a request with an Authorization header that has a value of Mobile <base64 encoded username:password>. A mobile token will still be generated and returned to the client that issued the request if you do not disable the generateTokens configuration setting in the ThingworxMobileAuthorizationAuthenticator. However, if that mobile token is presented in a request to the ThingWorx platform for authentication while the ThingworxMobileTokenAuthenticator is disabled, the platform does not honor the token and does not allow authentication.
Configuration Options
tokenLifeTime: Default is 2592000 (approximately 30 days).
generateTokens: True/false. Default is true.
Mobile Sessions
For any mobile credential used:
ThingworxMobileAuthorizationAuthenticator - Authorization header with value of Mobile <base64 encoded username and password>
ThingworxMobileTokenAuthenticator – ThingWorx mobile token header of twx-mobile-token with value of the mobile token’s (i.e. application key’s) key id.
If the credentials are valid, a session is created and returned to the mobile client.
If the mobile client caches the session and provides it in future requests, the platform honors that session. Those sessions have a default timeout of 30 minutes. The client is able to use the session for 30 minutes; then it has to use the credential again to get another session for 30 minutes. If a token is used, this can repeat until the token expires.
If the mobile client does not cache the session and does not use it in future requests, it will have to provide either the mobile token or the Authorization header. If the mobile token is used, the user can continue to send requests to the platform with that token until its expiration date (by default, 30 days from the creation date).
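The credential flow described above, sketched from the client side as an added example (not PTC code). It assumes tokenLifeTime is expressed in seconds and that the 30-minute session timeout runs from when the session started; the function names and sample values are hypothetical, and how the session itself is carried in a request is not described on this page, so no header is returned for it.

```python
import base64
from datetime import datetime, timedelta, timezone

TOKEN_LIFETIME = 2592000                 # page default for tokenLifeTime; seconds is an assumption
SESSION_TIMEOUT = timedelta(minutes=30)  # page default session timeout


def token_expiration(created, token_lifetime=TOKEN_LIFETIME):
    """Expiration = token creation date-time + tokenLifeTime."""
    return created + timedelta(seconds=token_lifetime)


def authorization_header(username, password):
    """Header for ThingworxMobileAuthorizationAuthenticator.

    Base64 is an encoding, not encryption, so send this only over TLS.
    """
    raw = f"{username}:{password}".encode("utf-8")
    return {"Authorization": "Mobile " + base64.b64encode(raw).decode("ascii")}


def choose_credential(now, session_started=None, token_key_id=None,
                      token_created=None, token_authenticator_enabled=True):
    """Pick what the client presents next: cached session, token, or password."""
    # A cached session is honored for 30 minutes (modelled here from its start).
    if session_started is not None and now - session_started < SESSION_TIMEOUT:
        return "session", {}
    # The token only works while ThingworxMobileTokenAuthenticator is enabled
    # and the token has not passed creation time + tokenLifeTime.
    if (token_authenticator_enabled and token_key_id and token_created
            and now < token_expiration(token_created)):
        return "token", {"twx-mobile-token": token_key_id}
    # Otherwise the user must supply username/password again.
    return "authorization", {}


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed sample times
    print(token_expiration(t0))
    print(choose_credential(t0 + timedelta(minutes=45), t0, "constructed-key-id", t0))
```

With generateTokens left enabled and the token authenticator disabled, the last branch is the only one that can succeed once the session lapses, which is why the page recommends unchecking generateTokens in that setup.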