question

Kevin Morris avatar image
Kevin Morris asked ·

New Token versus Refresh Token

My situation is that I have up to four receptionists calling patients, each with their own extension. I have built a "dialer" function (using the Password Flow -> Ringout API calls) into my contact management system. I understand that there is a limit of 5 non-expired tokens per extension.

This whole max token 5, token expire -> refresh token -> refresh token expire seems super complicated . I'll need to hire a team of expert hackers just to "hack in" to my own account. I was hoping to simplify things a tad, by doing this:

1) Obtain a token, store the expiry time in a "per extension" scope variable. (minus 5 seconds just to ensure I am "within bounds"). In the request, set the 'refresh_token_ttl=0' bc I don't want to be using refresh tokens at all.. I think they are unnecessary.

2) Keep using the existing token up until expire time

3) After token expire time, obtain a new token, like I did in step 1 above.

Is there anything wrong with this approach? Or MUST I use refresh tokens?



tokenrefresh access token
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image
Phong Vu answered ·

Not sure why you mentioned about the max 5 tokens while it's not the issue you are facing with. As you said each user with their own extension.

Since you are using the password flow authentication, it's up to you to use the refresh token to get a new access token or to re-login when the access token is expired. It makes more sense if your app is a 3-legged authentication to use the refresh token because your user will not need to login every hour after the access token expires.

Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Kevin Morris avatar image
Kevin Morris answered ·

I forgot about the other auth methods. Ya, that makes sense now. Thanks.

Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.