SSO Refresh Model
All SSO tokens, including the native OpenEdge SSO token, must expire after some set interval. They can be refreshed either by:
* performing a full direct-login by the client
* returning to the point where an SSO token was issued and requesting a new token with an extended expiration
A native OpenEdge SSO token is refreshed via a defined URL (similar to the way HTTP FORM login is implemented). The client sends a POST request to that URL and passes the refresh token it received with the last SSO token it obtained. If the refresh operation is successful, the server returns a new SSO token and, optionally, a new refresh token.

Client request

POST web-app-url/static/auth/token?op=refresh
{
"token_type" : "oecp",
"refresh_token" : "oecp-ref-token"
}

Server response

Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
"token_type" : "oecp",
"access_token" : "b64-oecp-sso-token",
"refresh_token" : "oecp-ref-token",
"expires_in" : int-seconds
}

HTTP Status Codes

* 200 indicates successful server response.
* 401 indicates SSO token generation failure, with the following response:
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
"error" : "401",
"error_description" : "error-desc"
}

token-error-code
Note: For more information on token-error-code, see SSO Token Error Codes.
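
Client-side handling of the refresh exchange above, as an added example that is not part of the original Progress documentation: it builds the request body and turns the server's 200 or 401 response into the token state to store, keeping the previous refresh token when the response omits the optional new one. The names TokenState, RefreshFailed, build_refresh_body, apply_refresh_response and needs_refresh, the 30-second skew, and the sample responses are assumptions made for this illustration.

```python
import json
import time
from dataclasses import dataclass

class RefreshFailed(Exception):
    """The refresh was rejected (HTTP 401) or the response was unusable."""

@dataclass
class TokenState:
    access_token: str
    refresh_token: str
    expires_at: float  # absolute expiry, seconds since the epoch

def build_refresh_body(state):
    # JSON body for POST web-app-url/static/auth/token?op=refresh
    return json.dumps({"token_type": "oecp", "refresh_token": state.refresh_token})

def apply_refresh_response(state, status, body, now=None):
    """Return the TokenState to store after a refresh attempt, or raise."""
    now = time.time() if now is None else now
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        raise RefreshFailed(f"HTTP {status}: body is not a JSON object")
    if status != 200:  # 401 carries error / error_description
        raise RefreshFailed(f"HTTP {status}: {doc.get('error_description', '')}")
    ttl = doc.get("expires_in")
    # Assumption: treat a missing token or a non-positive lifetime as a failure.
    if not doc.get("access_token") or type(ttl) is not int or ttl <= 0:
        raise RefreshFailed("malformed refresh response")
    return TokenState(
        access_token=doc["access_token"],
        # The new refresh token is optional: keep the old one when it is absent.
        refresh_token=doc.get("refresh_token") or state.refresh_token,
        expires_at=now + ttl,
    )

def needs_refresh(state, now=None, skew=30):
    # Refresh slightly early (skew is an assumed margin) so the token does not lapse in flight.
    now = time.time() if now is None else now
    return now >= state.expires_at - skew

# Constructed sample responses (not captured from a real server).
ROTATED = '{"token_type":"oecp","access_token":"new-access","refresh_token":"new-refresh","expires_in":600}'
NOT_ROTATED = '{"token_type":"oecp","access_token":"new-access","expires_in":600}'
DENIED = '{"error":"401","error_description":"constructed error text"}'
```

On a RefreshFailed the stored tokens are left untouched, and the client falls back to the other refresh path listed above, a full direct login.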