Mobile App timeout

amolrajurkar · ‎09-07-2016

We recently enabled Mobile App in Helsinki. Issue what we are facing is that it does not automatically timeout or logout a user. It is a security concern for our company and we need to logout a user after certain time.

Has anyone come across a settings which can help set auto logout on mobile.

Chuck Tomasi · ‎09-07-2016

The native mobile app (as of Geneva) does not leverage the browser's user session timeout property. The application will be allowed to communicate with the instance as long as the Oauth token is valid. If the Oauth token is at some point invalidated, the user will be prompted to authenticate again.

The Oauth token for mobile devices is configurable by the system administrator and therefore session durations can be modified to any desired duration. You can find it under System OAuth> Application Registry with the name "ServiceNow Mobile App"

amolrajurkar · ‎09-07-2016

thanks Chuck for replying.

In my developer instance I went to System OAuth and got ServiceNow Mobile App. When I opened up I see two settings, Refresh token lifespan and access token life span. I made both to 2 seconds. I hope by making them to 2 seconds my mobile app should logout after 2 seconds if I am not using it, this setting didnt seem to work for me.

I also see Mobile API listed under System Oauth and did change both the settings to 0 and 2 respectively but that did not have any impact.

Can you elaborate further if I did it incorrectly?

Chuck Tomasi · ‎09-07-2016

Let me do some checking Amol. Stay tuned...

jerryjones · ‎09-07-2016

Hey Amol,

What behavior specifically are you testing? Set timeout to 2 seconds, open app, and wait 2 seconds to be logged out?

Currently, the apps will keep their session alive as long as the apps are active in the foreground - keeping this session alive does _not_ require any user interaction. Once an app has been backgrounded, and the token expiration time elapses, the user will be required to login once again.