Release Date: 22nd April 2020
We are delighted to share with our developer community a preview of what is coming in next week’s digi.me SDK update. This update brings some great new features that will save time and resources and reduce complexity when on-boarding and retaining users.
You asked if we could allow users to connect once and have ongoing access to personal data that fits within the bounds of the consent receipt that had been agreed. We listened to your feedback and ongoing access authorisation has now been added. You can find out more about this feature below.
Ongoing Access allows continuous access to a user’s data without the use of the digi.me app **after** initial consent has been given.*
From a developer’s perspective, the authorization process is almost identical to regular authorization. Under the hood we use OAuth 2.0 with JWT, and JWS with RSA signing and verification, to issue a medium-lived, refreshable OAuth token, which is used to re-query the user’s data without the need to leave your app.
Here is a simplified sequence diagram of how the OAuth flow is implemented:
Ongoing Access is for you if:
- You need regular access to a user’s data
- You are using an ongoing contract
The `refreshTokens` used to refresh `accessTokens` do eventually expire (for example, 90 days). When this happens, the user will need to be directed back to the digi.me app for re-authorization.
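The token lifecycle described above, sketched as an added example that is not part of the digi.me SDK: verify the RS256 signature with the algorithm pinned, then decide whether to query, refresh, or send the user back to the digi.me app. It assumes both tokens are RS256-signed JWTs carrying an `exp` claim; the function names, claim layout, key pair and lifetimes are constructed for illustration.

```javascript
// Added example; function names and the claim layout are assumptions, not the digi.me SDK.
const crypto = require('crypto');

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const parse = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Constructed issuer side, present only so the example has tokens to check.
function signJws(claims, privateKey, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64u(header)}.${b64u(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Returns the claims only if the RS256 signature verifies and the token is unexpired.
function verifyJws(token, publicKey, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  let header, claims;
  try { header = parse(parts[0]); claims = parse(parts[1]); } catch { return null; }
  // Pin the algorithm: the token header must never select "none" or an HMAC.
  if (!header || header.alg !== 'RS256') return null;
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
    publicKey, Buffer.from(parts[2], 'base64url'));
  if (!ok) return null;
  // Trust exp only after the signature has been checked.
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  return claims;
}

// 'query': access token usable; 'refresh': exchange the refresh token;
// 'reauthorize': both unusable, so the user must go back through consent.
function nextStep(tokens, publicKey, nowSec) {
  if (verifyJws(tokens.accessToken, publicKey, nowSec)) return 'query';
  if (verifyJws(tokens.refreshToken, publicKey, nowSec)) return 'refresh';
  return 'reauthorize';
}

// Constructed sample: throwaway key pair, fixed clock, 1-day access / 90-day refresh.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const NOW = 1587513600, DAY = 86400;
const issue = (exp) => signJws({ sub: 'constructed-user', exp }, privateKey);
const tokens = { accessToken: issue(NOW + DAY), refreshToken: issue(NOW + 90 * DAY) };
for (const t of [NOW, NOW + 2 * DAY, NOW + 91 * DAY]) {
  console.log(t, nextStep(tokens, publicKey, t));
}
```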
In other news, V4 contracts are being phased out and replaced with more verbose V5 contracts. If you have had your contract updated, please remember to use that and not the older version.