Re-authentication after refreshing access token?

Created at 28 May 2022, 17:32
Subscribe
How’s your experience with the cTrader Platform?
Your feedback is crucial to cTrader's development. Please take a few seconds to share your opinion and help us improve your trading experience. Thanks!
CS

csabz90

Follow

Joined 09.03.2022

Re-authentication after refreshing access token?
28 May 2022, 17:32

Hi!

Let's say I authenticate application and account using current credentials, then a bit later, in the same session, I refresh the access token. Assuming I am in the same session, do I need to re-authenticate account using the new access token right after refreshing, or can I just keep communicating with the server as long as the same session is alive without actively re-authenticating? (And then of course whenever I start a new session I use the new access token)

Thanks!

@csabz90
Replies

amusleh
30 May 2022, 09:44

Hi,

If you refresh your access token you will receive a new token and your previous token will be invalidated, so your session will also end and you have to send a new account auth request with your new token.

 

 

@amusleh

csabz90
30 May 2022, 10:49

RE:

amusleh said:

Hi,

If you refresh your access token you will receive a new token and your previous token will be invalidated, so your session will also end and you have to send a new account auth request with your new token.

 

 

Got it, thanks.

@csabz90

csabz90
30 May 2022, 16:19

RE:

amusleh said:

Hi,

If you refresh your access token you will receive a new token and your previous token will be invalidated, so your session will also end and you have to send a new account auth request with your new token.

 

 

Just help me understand one thing: how do I know my session ended after the token refresh? It seriously looks to me that my app's communication with the server continues even if I don't do a new account auth after the token refresh. I still get real-time data, can open/close trades, etc, nothing is breaking. I'd just like to understand why this happens.

Thanks.

@csabz90

amusleh
31 May 2022, 11:15

RE: RE:

csabz90 said:

amusleh said:

Hi,

If you refresh your access token you will receive a new token and your previous token will be invalidated, so your session will also end and you have to send a new account auth request with your new token.

 

 

Just help me understand one thing: how do I know my session ended after the token refresh? It seriously looks to me that my app's communication with the server continues even if I don't do a new account auth after the token refresh. I still get real-time data, can open/close trades, etc, nothing is breaking. I'd just like to understand why this happens.

Thanks.

Hi,

If you are refreshing the token then you should close the current session and start a new one, otherwise you will get a ProtoOAAccountsTokenInvalidatedEvent.

 Even if everything works it's best to start a new session immediately after receiving the new token.

@amusleh

csabz90
31 May 2022, 15:24

RE: RE: RE:

amusleh said:

csabz90 said:

amusleh said:

Hi,

If you refresh your access token you will receive a new token and your previous token will be invalidated, so your session will also end and you have to send a new account auth request with your new token.

 

 

Just help me understand one thing: how do I know my session ended after the token refresh? It seriously looks to me that my app's communication with the server continues even if I don't do a new account auth after the token refresh. I still get real-time data, can open/close trades, etc, nothing is breaking. I'd just like to understand why this happens.

Thanks.

Hi,

If you are refreshing the token then you should close the current session and start a new one, otherwise you will get a ProtoOAAccountsTokenInvalidatedEvent.

 Even if everything works it's best to start a new session immediately after receiving the new token.

Okay, noted, thanks :)

@csabz90
Copyright © 2024 Spotware Systems Ltd. All rights reserved.
The services provided by Spotware Systems Ltd. are not available to citizens or residents of the USA. Neither is the information on our websites directed toward soliciting citizens or residents of the USA.