Login question on BaaS
Q: From what I can see, once the user signs up we get an access token; we can
use that directly, or use it to generate an application-level token. The
question is, once the token expires will we have to ask the user to re-login?
Or is there a way to refresh the token and maintain access to the application
namespace?
A: The normal application signup/login flow would always result in an
application-level token that should be used for all application-related
operations. The owner-level token can only be generated and used by the
individual HAT owner in a trusted execution environment (currently that’s only
the HAT web dashboard).
The current login session lifecycle is as follows:
1. the user logs in and an app token is issued,
2. the original token is valid for up to 3 days,
3. it can be automatically refreshed by making any API call to the HAT (the response will contain the new token in the “X-Auth-Token” header),
4. the new token will be valid for another 3 days,
5. the automatic refreshing process can be repeated for up to 30 days after the initial login,
6. after 30 days the session expires and the user has to log in again.
This is the current default behaviour. Should any partner wish to adjust the
session lifecycle, they can request this from Dataswift and it will be considered
depending on the permissions required and the sensitivity of the data being
accessed.
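The lifecycle described in the answer, as an added example that is not part of the original page: a small Python helper (hypothetical, not the HAT SDK) that tracks the 3-day token validity and the 30-day session cap, and rotates the stored token whenever a response carries the X-Auth-Token header. The timestamps and token strings are constructed.

```python
from datetime import datetime, timedelta

TOKEN_TTL = timedelta(days=3)     # each issued token is valid for up to 3 days
SESSION_MAX = timedelta(days=30)  # refreshing is possible for 30 days after login

# Constructed reference time so the example runs offline and deterministically.
T0 = datetime(2024, 1, 1)


def day(n: int) -> datetime:
    """Helper: n days after the constructed initial login time."""
    return T0 + timedelta(days=n)


class HatSession:
    """Client-side bookkeeping for an application-level HAT token.

    Hypothetical helper (not the HAT SDK): it only tracks validity and
    rotates the stored token when a response carries X-Auth-Token.
    """

    def __init__(self, token: str, login_time: datetime):
        self.login_time = login_time   # start of the 30-day session window
        self.token = token
        self.token_issued = login_time

    def token_expiry(self) -> datetime:
        # A refreshed token never outlives the 30-day session window.
        return min(self.token_issued + TOKEN_TTL, self.login_time + SESSION_MAX)

    def is_valid(self, now: datetime) -> bool:
        return now < self.token_expiry()

    def handle_response(self, headers: dict, now: datetime) -> bool:
        """Rotate the token if the HAT returned a new one; True if rotated.

        Header names are matched case-insensitively, as HTTP requires.
        An expired session cannot be refreshed: the user must log in again.
        """
        if not self.is_valid(now):
            return False
        new_token = next((v for k, v in headers.items()
                          if k.lower() == "x-auth-token"), None)
        if not new_token or new_token == self.token:
            return False
        self.token = new_token
        self.token_issued = now
        return True


if __name__ == "__main__":
    s = HatSession("tok1", day(0))                 # constructed sample token
    s.handle_response({"X-Auth-Token": "tok2"}, day(2))
    print(s.is_valid(day(4)), s.is_valid(day(5)))  # True False
```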
Last updated: 5 years ago