FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    How does FusionAuth handle storage of refresh tokens for third party services?

    Scheduled Pinned Locked Moved Solved
    Q&A
    1
    2
    2.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      How does FusionAuth handle storage of refresh tokens for third party services where the user has authorized storage of a refresh token (for google, Facebook, etc)?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      danD 1 Reply Last reply Reply Quote 0
      • danD
        dan @dan
        last edited by

        This is an example of Third-party Service Authorization.

        We store the tokens on the Link, but leave the refresh operation up to the software needing to access the third party API.

        This approach has some tradeoffs, but gives more granular control to the application that needs the access token.

        How it works:

        • The developer sets up an 'authorize' button in their application
        • We take care of the authorization/authentication/storage of the refresh token.

        ... time passes

        • When they need an access token, they call our APIs to get the refresh token for a particular user
        • They call the 3rd party service to get the access token,
        • They use the access token.

        If the access token expires while they need it, they can get the refresh token again and then get an access token.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 0
        • danD dan has marked this topic as solved on
        • danD dan referenced this topic on
        • First post
          Last post