Our app is currently using Square to log in users. Once they are registered, their session is stored. However, how do I log them in again after they have logged out or try to log in on a different device? At the moment I am going through the authorization process again and getting a new access token each time. That seems non-ideal to me, thanks for the help.
Not sure if I understand fully, so clarify if I’m wrong, but I would expect a user to have to sign in again if they sign out or log in on a different device. If they dont sign out, I would expect a repeated use of the access token (and refresh via the refresh token every 7 days) for a s long as you see fit. Maybe I’m not understanding your set up?
Ya, that is what I am asking about. If a user is logged in, they are logged in, that is fine. However, when they do need to log in again, what is the correct procedure? Is it to go through the OAuth process again and get a new access token?
In general, yes that right. As soon as the user is logged out, the current access token and refresh token should become redundant… That is assuming the logout is happening on the issuing Auth server.
I am not aware of your setup, but I assume when the user logs out of your client app, you also make a call to the Auth server to log out too? If you are only using the auth server to log in and out (eg nothing client side), then a log out client side may only be something as simple as wiping the access and refresh tokens. Does this answer your question? If not, could you outline the login process for me and I’ll try and help you.
Ideally this would have to be something that your application would need to handle. Square’s OAuth is for making request to Square on behalf or your customer and is not designed to be a client side account that’s logged in and out of across multiple devices. The access token and refresh token should be stored in your database and mapped to your customer. Once that customer logs into your application on their chosen device than all calls to Square your application will use the access token stored in your database. The refresh token is used to get a new access token because they expire after 30 days. Ideally your application will have a job that will refresh the stored tokens every 7 days.