105
Hi All,
I am new to OAuth token Concept. So i have few queries?
1. Should i get a new "access token" for each "HTTP GET request made to the CRM REST API"?
2. What should i do with the "refresh token"?
3. Should i permanently store any of the tokens in the client application?
Thankyou
*This post is locked for comments
Hi Bhavik,
Please mark the answer as verified if it worked for you.
-shaminder
Hi,
That depends on how are you implementing your application.
If you are writing it client side where tokens would be generated in browser, implement implicit grant which gives short lived access token only
Implementation Detail-docs.microsoft.com/.../v1-oauth2-implicit-grant-flow
If you are implementing it in web service (passive mode interaction), then implement client credentials flow which would also generate access token only that are valid for an hour. You can cache it for an hour and then regenerate it.
Implementation Detail-docs.microsoft.com/.../v1-oauth2-client-creds-grant-flow
If you are implementing it in server side based application where user will be interacting and providing credentials then implement authorization code flow grant where you can make use of refresh tokens and silently acquire access tokens.
Implementation Detail-docs.microsoft.com/.../v1-protocols-oauth-code
-Shaminder
#1
Mohamed Amine Mahmoudi
83
Super User 2025 Season 1
#2
Community Member
52
#3
Victor Onyebuchi
6
Share
Report
All responses (
Answers (
