I would like to use a custom authentication scheme that probably involves the admin REST api. I don’t want clients to keep their websocket session forever without reauthentication.
What is the preferred way to force the client (couchbase lite) to reauthenticate from the server side. I cannot trust the client to log out automatically.
One idea I had was to have an authenticated heartbeat to a custom REST endpoint that if not received within the time limit will cancel all existing sessions for the given user. Will that terminate any ongoing connection/sync session?
Or is there a simpler way to archive what I want with build-in functionality. My authentication is token/certificate based so I don’t need user interaction to authenticate in general.