This administrative utility allows for the maintenance of OAuth2 authentication tokens on the server running the utility.
The key purpose of OAuth2 authentication is to provide additional security when accessing remote sites, without the need to pass authentication credentials such as your user name and password with every request for data. The authentication is performed once, and a token is provided to the calling application to use for subsequent calls. Each token is expected to have a lifetime defined on the remote server. This provides for automatic expiration of the tokens. Following expiration, action must be taken by the calling user or program to reauthenticate and receive a fresh token.
You enter the utility via the Server Access Tokens which is under the Advanced administration tab..
You will see a list of existing tokens and their expiry time.
Note that expired tokens show with their expiration date in red, while valid tokens appear in green.
One point to be aware of is that the OAuth2 protocol is only specified to work with https connections, not with http. However, if you or your users want to take advantage of a redirect configured within the web server, from http to https, then this is allowable, as long as the remainder of the address is the same. For security reasons, ExtraView will not allow a redirect from an address on one domain to a different domain.
Also on this screen is a button with the title Delete Expired Tokens. This allows the administrator to delete all the expired tokens from the database. Tokens have no purpose once they have expired, and this option simply cleans up the database entries for the expired tokens.
The administrator may also use the delete button by each active token to immediately expire the token to which it refers.
