Login and Logout Behavior
This section describes the default expected behavior of the Wink Login SDK with respect to user signing in and signing out
Browser Behavior
- Once a user is logged into a tab of a browser, an access token is provided with a default expiry of 5 min. A refresh token is provided with a default expiry of 30 minutes.
- It’s your responsibility as a developer to manage your login session in your app and server using the tokens provided.
- Upon expiry of the access_token, user should be logged out ( your app should call the signout function as explained in the Integration Steps )
- If you want to extend the session to beyond 5 min after loggin in, your app must call the Refresh token. Upon calling the Refresh token ( see Refresh Token in the Token Description section ), expiry for all the tokens are extended by 5 min
- Once the user clicks sign-out he is redirected back to the Sign-in page as default behavior. However, the login session is still valid until the expiry of the access token. If the user clicks Sign-in button immediately after Sign-out, the user will be automatically logged in again ( the entire Wink Login MFA process is skipped since the access token is still valid ).
- SSO (Single sign-on) behavior): Multiple different applications can be using Wink Login MFA and can be accessed by the user in multiple tabs. If a user is already signed into App no. 1 using Wink Login in tab 1 and the user attempts sign into App no. 2 using Wink Login in tab 2, the user will be automatically logged in without needing to go through Wink Login MFA. However, the SSO feature is local to the same browser and does not extend across browsers. On each new browser ( even on the same device ), the user has to sign-in again
Webview Behavior (inside Native Mobile Apps )
It is possible to use the Wink Login SDK inside a Webview of a native mobile app. Since multiple tabs and multiple browsers are not a concern in this situation, the behavior is simpler but the 5 minute validity of the access token and 30 minute validity of the Refresh token is also applicable in this situation.
If you would like to access Wink Login SDK inside an Embedded or Overlay iFrame or as a Native iOS or Android SDK, please contact your Wink Account Representative.
This version of Wink Login comes with a default login and logout behavior. If you desire a different behavior, it can be customized by contacting your Wink Account Representative.
Updated over 1 year ago
Standard OAUTH2 interaction is used by Wink Login to deliver user access and profile back to the app