1 Reply Latest reply on Jan 26, 2016 4:15 PM by john.decker

    OAuth login for API always asks user to allow access, even if previously granted; user's add ons duplicated

    jwil

      Given a Jive add on has been created and a user is directed to the oauth endpoints to login; Then the first time the user is asked to 'Allow' access for the given add on to interact with the Jive API on behalf of the user (using the subsequently retrieved access token/ bearer id).

      The Problem: for situations where using the refresh token is not possible (public computers, etc), Jive does not appear to detect that the user has already enabled the add on, and asks them to 'Allow' every single time they interact with the add on. Further, if the user navigates to the 'manage add ons' page in their account settings, they see the add on listed for every time they have used it.

       

      Jive should detect that the user has already granted the add on access, and not ask again, as is the oauth protocol standard.