Introduction
Since version 2.0, OAuth has included refresh tokens on top of its popular access tokens. An access token carries information about the scopes or roles a user holds for a certain service. Originally, issuing an access token meant the issuer relinquished control over that token: it could not be revoked once it was given. This brought about many security holes. When an attacker successfully acquires the access token, it is as disastrous as a thief gaining entrance to your secret vault. That risk forces developers to limit the lifespan of access tokens to a very short period, typically from a few minutes to an hour, which reduces usability because the user has to log in frequently. This is where refresh tokens come in handy. Refresh tokens, which have a much longer lifetime (from a week to a few months), do not require users to log in again once the access token has expired, because the application automatically requests a new access token from the issuer. Moreover, implementing refresh tokens improves system security because the issuer can, at any time, revoke a given refresh token.
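The lifetime and revocation mechanics described above, as an added illustrative model that is not Safewhere*Identify's own code: a toy in-memory issuer mints short-lived access tokens and long-lived refresh tokens, a non-interactive client refreshes by itself when the access token expires, and revoking the refresh token at the issuer forces a new login. It also rotates the refresh token on every use (the post does not mention rotation; it is added here as the usual hardening), and the injectable `clock` exists only so expiry can be simulated.

```python
import secrets
import time

class TokenIssuer:
    """Illustrative in-memory issuer: short-lived access tokens, long-lived refresh tokens."""
    def __init__(self, access_ttl=300, refresh_ttl=30 * 24 * 3600, clock=time.time):
        self.access_ttl, self.refresh_ttl, self.clock = access_ttl, refresh_ttl, clock
        self._access = {}   # access token  -> (subject, scopes, expiry)
        self._refresh = {}  # refresh token -> (subject, scopes, expiry)

    def issue(self, subject, scopes):
        """Called once after an interactive login; returns (access_token, refresh_token)."""
        now = self.clock()
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self._access[access] = (subject, scopes, now + self.access_ttl)
        self._refresh[refresh] = (subject, scopes, now + self.refresh_ttl)
        return access, refresh

    def validate(self, access):
        """Resource-server check: scopes of an unexpired access token, else None."""
        entry = self._access.get(access)
        return None if entry is None or entry[2] <= self.clock() else entry[1]

    def refresh(self, refresh):
        """Refresh grant: consume (rotate) the refresh token and mint a fresh pair."""
        entry = self._refresh.pop(refresh, None)
        if entry is None or entry[2] <= self.clock():
            return None
        return self.issue(entry[0], entry[1])

    def revoke(self, refresh):
        """Issuer-side revocation: the refresh token stops working immediately."""
        self._refresh.pop(refresh, None)

class ApiClient:
    """Non-interactive client (e.g. a Windows service) that refreshes on expiry by itself."""
    def __init__(self, issuer, access, refresh):
        self.issuer, self.access, self.refresh = issuer, access, refresh

    def call(self):
        """Scopes the API would grant for this call, or None if the user must log in again."""
        scopes = self.issuer.validate(self.access)
        if scopes is None:
            pair = self.issuer.refresh(self.refresh)
            if pair is None:
                return None
            self.access, self.refresh = pair
            scopes = self.issuer.validate(self.access)
        return scopes
```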
With pre-4.2 versions of Safewhere*Identify, a client needed to obtain a suitable access token in order to access the REST APIs. The process was complicated and time consuming: the admin would also need to write a web application implementing OAuth 2.0 to ask the user to log in and then send those requests to the token issuer. The problem escalated with Windows services, which involve no user interaction, because the admin would unavoidably have to write a dedicated application to log in just for this purpose.
To eliminate the hassle, Safewhere*Identify has introduced API Keys, which auto-generate tokens and require only the Identify*Admin logon. You no longer have to compromise between security and usability, as Safewhere*Identify has it covered for you.
"Any society that would give up a little liberty to gain a little security will deserve neither and lose both." - Ben Franklin
How to Set Up the Refresh Token and the Access Token in the UI
1. Go to the connection list in Admin and select Tools\OAuth 2.0 to create the OAuth 2.0 Protocol Connection at the Root organization.
4. Click the "Test" button to create the OAuth 2.0 access token.
Great new functionality!
Comment by Wessel Kalter — August 18, 2015 @ 11:46 am