
Authentication with WebTools, MailLink, and Pocket


    Let's look at how SuperID changes authentication for WebTools, MailLink, and Pocket.

    Before SuperID

    • We use proprietary tickets representing the user for authentication. A ticket is valid for a 10-hour sliding window.

    • WebTools, MailLink, and the mobile client use classic usernames and passwords. The password is stored encrypted on the device.

    • A user must reauthenticate when changing the password.

    • Double-clicking the WebTools owl icon will sign the user directly in to the tenant.

    An invalid cached password will sometimes result in locking the user account.

    With SuperID

    • We use industry-standard OAuth 2.0 access tokens and refresh tokens representing a user signed in to an application.

    • The access token is valid for 1 hour. The refresh token is valid for several years.

    • Access tokens can't be shared between applications.

    • The tokens are unique per user and application and are stored on the device.

    • WebTools, MailLink, and the mobile client use industry-standard OAuth 2.0 for Native Apps (RFC 8252).

    • Double-clicking the WebTools owl icon will send the user to the tenant. If the user is not signed in, the user will be redirected back to the sign-in dialog, must click Next, and then possibly authenticate to sign in.