Hi @markd.
Ok, so let’s say I develop a UI in our Angular app, where User A can click a “generate API access” token. He will then copy this token, and use it in a Power BI/Qlik/Tableau app, that will read data from our API every day. Under the hood, the token is actually concatenated access_token and refresh token into something like “access_token|refresh_token”.
Serverside, I can then split on the “|”, and create a fresh access_token (if needed) with the refresh_token.
Is it just me, or does that sound weird?
Every single time Power BI/Qlik/Tableau would load data - the access_token would essentially be expired, and our API server would have to create a new one?