yasudacloud / strapi-plugin-sso

MIT License

Refresh tokens #36

Open kevinvugts opened 5 months ago

kevinvugts commented 5 months ago

Hi,

Just wondering. Is this SSO plugin also accounting for refreshing the token and such? Or is just a one-off login and exchanging a strapi token for it instead?

Thanks!

adamrpostjr commented 5 months ago

I could be wrong, but from my understanding it's handed to Strapi after authentication.

yasudacloud commented 5 months ago

@kevinvugts Sorry for the late reply.

> Or is just a one-off login and exchanging a strapi token for it instead?

I think this is closer to the answer. The tokens that are issued after authentication by Google or other providers are the same as the normal admin tokens.

kevinvugts commented 5 months ago

> @kevinvugts Sorry for the late reply.
>
> > Or is just a one-off login and exchanging a strapi token for it instead?
>
> I think this is closer to the answer. The tokens that are issued after authentication by Google or other providers are the same as the normal admin tokens.

Okay. Do you have any idea how we can leave the authentication to Azure AD? Perhaps using MSAL? Since in my opinion this is way more secure than Strapi's auth system. Is this something you could elaborate more on, in terms of how this might be built?

adamrpostjr commented 5 months ago

> Do you have any idea how we can leave the authentication to Azure AD?

I'm not sure if that would be possible without a rebuild; this doesn't touch any core auth routes, only tacks onto them. Again, I could be really wrong -- I have time set aside at work today that I am going to look into some of the edits I need for our environment, so I can look a bit more into this then.

yasudacloud commented 4 months ago

@kevinvugts @adamrpostjr Sorry for the delay. It would be quite difficult to create our own authentication. Therefore, we are not very keen on implementing it as a feature of this plugin.

However, it may be possible to use both existing and new authentication methods (e.g., JWT, cookies, etc.). We would add a middleware that does Azure AD authentication and authenticate twice.