I am using TSphinxLogin and TSphinxWebLogin to authenticate users on a non TMS Sphinx server. This works well but the authentication expires after an hour and I need to refresh the Access token but there does not seem to be a way to do this (apart from logging out and in again). Unfortunately I do not control the authentication server so I cannot extend the Access token validity and need to use the refresh token provided. Any ideas?
I think in this case you can simply perform a manual request to the authentication server, send it the refresh token to get back a new access token.
Since I am using the Sphinx login object I want the renewed access code to be reflected in the Sphinx "AuthResult" field. If I manually refresh then the Sphinx object just becomes dead weight. Is there no way I can get the Sphinx login object to refresh the token?
The thing is I don't understand the workflow you want to follow.
TSphinxLogin and TSphinxWebLogin are used to perform a OAuth/OIDC login to a 3rd party authentication server.
The idea is that the user performs the login process (enter user name/password for example), and then the authentication server returns the tokens - be it identity token, and/or access token, and/or refresh token.
From that on, the login process is over. You can use the refresh token to get a new access token, use the access token to access other APIs, use the identity token to get user information.
But I fail to see why the refresh process should be in the TSphinxLogin component, what do you gain from that?
Yes the login is complete and I have the access token which I can use on for any of the various APIs that I need. After an hour the access token is about to expire and now I have to go back to the authentication server and get a new access token, which means I have to discover the appropriate end point and set up the appropriate authorizations... the Sphinx object already had done all of this work to get the access token in the first place so it seemed logical to me to have the Sphinx object maintain a valid access token. [I am also doing this in both a native and WebCore application so it would be nice if maintaining the validity of the Access token was encapsulated in the Sphinx object.]. I understand from from you answer that this is not (currently 
) the possible through the Sphinx login object so I have to extract the Access token, Refresh token and expiry information from the Sphinx login and maintain the access code manually.
Hi @Dold_Peter, your assumptions are correct. We will consider the possibility of adding such feature in Sphinx login itself, just for user convenience.