Hello,
I have some questions regarding the new authentication and authorization flow.
If you use the ‘Re use’ option you get the same refresh-token after a refresh request in the response.
If you use the ‘On time’ option you get a new refresh-token after a ‘refresh’ request in the response, and the old one is invalidated.
Are access tokens not invalidated when you start the auth flow for the same client?
Does the slider reset after each successful refresh request or is this based on which “Refresh Token usage” option you have selected?
What use case(s) can actually invalidate your access and refresh token outside the scope of the web application itself, changing password for example?
I thought maybe this was possible with the “Tenants” scope you are able to select at the ‘Identity Scopes’ option, but it seems that this scope does nothing; the phone and address scopes actually add information to your id_token.
Thanks in advance!
Kind regards,
Michel
Answers given by the VNI support team:
Refresh token per user: a new refresh token is obtained by the application for a user when a new authorization request (/connect/authorize) and token request are successful. That will issue a new access token/refresh token pair that counts towards the Refresh token per user configuration. So if your app has a configuration of 20 (max value) it can have max 20 refresh tokens in Visma Connect.
Refresh token usage: represents how a refresh token is handled after it is obtained.
Refresh token expiration: the expiration is set with two different values
Access tokens are not expired: the access tokens are JWTs which have the expiration set as a claim.
API access
If your app only uses openid, email and profile, the access token cannot be used for calling the ERP API. When using the tenants scope together with the scopes of the API, your app can obtain tenant information from the /connect/userinfo endpoint. The response will contain an array of tenants that the user has access to.
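An added example, not part of the original thread and not Visma's code: client-side handling in Python that works with either refresh token usage option and reads the `exp` claim from the JWT access token, as the answer describes. The `access_token` and `refresh_token` response fields follow the standard OAuth 2.0 token response; the helper names, the 60-second skew and the sample token are assumptions constructed for illustration.

```python
import base64
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_jwt(exp: int) -> str:
    """Constructed, unsigned sample token for this example only."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": "sample-user", "exp": exp}).encode())
    return f"{header}.{payload}.constructed-signature"


def jwt_expiry(access_token: str) -> int:
    """Read the exp claim (Unix seconds). This does not verify the signature;
    the API that receives the token must still validate it."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    exp = json.loads(base64.urlsafe_b64decode(padded)).get("exp")
    if not isinstance(exp, int):
        raise ValueError("JWT has no integer exp claim")
    return exp


def needs_refresh(access_token: str, now=None, skew: int = 60) -> bool:
    """True once the token is within `skew` seconds of its exp claim."""
    now = time.time() if now is None else now
    return now >= jwt_expiry(access_token) - skew


def apply_refresh_response(store: dict, response: dict) -> bool:
    """Update the stored pair from a refresh response; return True if the
    refresh token was rotated. With one-time usage the old refresh token is
    invalidated, so it must be overwritten before the next refresh request."""
    store["access_token"] = response["access_token"]
    returned = response.get("refresh_token")
    rotated = bool(returned) and returned != store.get("refresh_token")
    if rotated:
        store["refresh_token"] = returned
    return rotated
```

Because the access token's lifetime lives in its own `exp` claim, a previously issued access token stays usable until that time even after a new token pair is stored.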
Copyright © 2022 Visma.com. All rights reserved.