Hello all, I have a concern regarding token management. We are creating a multitenancy project in which we are going to create multiple orgs, and the users in each org can create their own groups/users and more. To make the API calls we require either a primary org token or the tenant org token to perform the operation in a specific org, like creating a group in a particular org or creating a user in a particular org. My question here is: "What is the best way to manage tokens when a user is logged in inside a PHP application? Do we need to save the tokens for the respective users in the DB with 24 hrs validity and get them updated every 23 hrs in the DB via cron, so that when they try to perform any action the org admin (end user) can use that token?" For example, for the super admin in our project we want to use the primary org token. When someone is the admin of a particular agency, we want to use that agency admin token to perform actions in that org.
1 Reply
In the Primary org, there is a tab for "all orgs" with a secret key that acts globally. This can be used to generate an auth token for a user in any given org.
I would prefer to refresh on establishing new sessions, but you could implement a refresh token fallback as you say. Your method is scheduled, but another way is to perform the refresh on EmbedEvent.AuthExpire.
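The session-scoped approach from the reply, sketched in PHP as an added example that is not code from the thread or from any vendor. Every name here is hypothetical: `$mint` stands in for the server-side call that uses the secret key, the user array shape is assumed, and a plain array stands in for `$_SESSION`.

```php
<?php
declare(strict_types=1);

const REFRESH_SKEW = 60; // seconds before expiry at which a token is re-minted

// Super admins act in the primary org; agency admins act in their own org.
function orgFor(array $user, string $primaryOrg): string
{
    return $user['role'] === 'super_admin' ? $primaryOrg : $user['org_id'];
}

// Returns a token for this user, minting one at session start or when the
// cached one is near expiry. $force serves the embed's auth-expired fallback.
function tokenFor(array $user, string $primaryOrg, array &$session,
                  callable $mint, int $now, bool $force = false): string
{
    $org = orgFor($user, $primaryOrg);
    $key = $org . '|' . $user['name'];
    $hit = $session['tokens'][$key] ?? null;
    if (!$force && $hit !== null && $hit['expires_at'] - REFRESH_SKEW > $now) {
        return $hit['token'];
    }
    // Hypothetical: $mint wraps the server-side call that uses the secret key.
    $session['tokens'][$key] = $mint($user['name'], $org, $now);
    return $session['tokens'][$key]['token'];
}

// --- Constructed demo: stub minter, 24-hour validity, array in place of $_SESSION
$minted = 0;
$mint = function (string $name, string $org, int $now) use (&$minted): array {
    $minted++;
    return ['token' => "demo-$org-$name-$minted", 'expires_at' => $now + 86400];
};
$session = [];
$agencyAdmin = ['name' => 'alice', 'role' => 'org_admin', 'org_id' => 'agency-7'];
$superAdmin  = ['name' => 'root',  'role' => 'super_admin', 'org_id' => 'agency-7'];

echo tokenFor($agencyAdmin, 'primary', $session, $mint, 0), PHP_EOL;      // minted at login
echo tokenFor($agencyAdmin, 'primary', $session, $mint, 3600), PHP_EOL;   // reused from session
echo tokenFor($agencyAdmin, 'primary', $session, $mint, 86370), PHP_EOL;  // inside skew: re-minted
echo tokenFor($superAdmin,  'primary', $session, $mint, 86370), PHP_EOL;  // primary-org token
echo tokenFor($superAdmin,  'primary', $session, $mint, 86400, true), PHP_EOL; // forced refresh
```

Because tokens live only in the server-side session and are minted on demand, no table of per-user tokens has to be kept current by cron, and the secret key never leaves the backend.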