105
Hi All,
I am new to OAuth token Concept. So i have few queries?
1. Should i get a new "access token" for each "HTTP GET request made to the CRM REST API"?
2. What should i do with the "refresh token"?
3. Should i permanently store any of the tokens in the client application?
Thankyou
*This post is locked for comments
Hi Bhavik,
Please mark the answer as verified if it worked for you.
-shaminder
Hi,
That depends on how are you implementing your application.
If you are writing it client side where tokens would be generated in browser, implement implicit grant which gives short lived access token only
Implementation Detail-docs.microsoft.com/.../v1-oauth2-implicit-grant-flow
If you are implementing it in web service (passive mode interaction), then implement client credentials flow which would also generate access token only that are valid for an hour. You can cache it for an hour and then regenerate it.
Implementation Detail-docs.microsoft.com/.../v1-oauth2-client-creds-grant-flow
If you are implementing it in server side based application where user will be interacting and providing credentials then implement authorization code flow grant where you can make use of refresh tokens and silently acquire access tokens.
Implementation Detail-docs.microsoft.com/.../v1-protocols-oauth-code
-Shaminder
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
#1
André Arnaud de Cal...
291,280
Super User 2024 Season 2
#2
Martin Dráb
230,235
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (