
RDP API - Tokens

Hello Team,

Kindly review the below questions from RDP API client regarding authorization and advise:

Client Query: We have a question about the `Session quota is reached` error. We would like to authorize multiple instances of the application. But your authorization server rejects the request if we try to make a request without the `takeExclusiveSignOnControl` parameter. The API formally allows us to get multiple tokens, but in reality, we can't get more than one. And we would like to get a more extensive explanation (than in the documentation) on the semantics of the 'Session quota is reached' error (under what circumstances it occurs and why we get this error on the first request to /auth/token).

Your documentation says that the `takeExclusiveSignOnControl` parameter is not a required parameter:

> The parameter, takeExclusiveSignOnControl, may be set to true ONLY if application sending authorization request needs all other sessions/applications to be logged out. Here are a couple of use cases when takeExclusiveSignOnControl must be set to true: Refresh token has been lost or invalid resulting in errors like: {"error":"access_denied" ,"error_description":"Session quota is reached." }

But your API rejects authorization without this parameter.

This is the list of questions:

1. What is `session quota`?
2. How is it measured?
3. How much quota do we have (per account/application, MB per day)?
4. Can this value be changed (increased)?
6. Can I disable the quota for certain applications?
7. Why does authorization fail if the request does not include the `takeExclusiveSignOnControl=true` parameter?
8. How does `session quota` affect other applications from our account? Do all applications have the same quota?
9. Does logging into a website also affect the quota?

Thanks and Regards,

Nitesh.

Online Solutions Team


1 Answer


@nitesh.saha,

Session quota indicates that the client is not allowed to get any more access tokens for the same set of credentials, without kicking another application off. If multiple apps are being used, and there is no mechanism to share the access/refresh tokens, it is fine to use the takeExclusiveSignOnControl parameter and get a new token each time, using the password grant.

There is no means to disable/change session quota and it is not per application. If the requirement is to have multiple concurrent applications, then multiple credentials should be used.
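
The answer's point about sharing access/refresh tokens between instances, as an added example that is not part of the original thread or the vendor's code: instances share one owner-only token file and fall back to `takeExclusiveSignOnControl` only when the server returns the quota error. The `post` callable, the `creds` keys, the cache path and the standard OAuth 2.0 field names (`grant_type`, `refresh_token`, `expires_in`) are assumptions; only the parameter name, the password grant and the error body come from the page.

```python
import json, os, time

QUOTA_MSG = "Session quota is reached."  # error_description quoted on the page

def _load(path):
    try:
        with open(path) as f:
            return json.load(f)
    except (OSError, ValueError):
        return {}  # no usable cache yet

def _save(path, tok, now):
    tok = dict(tok, expires_at=now + int(tok["expires_in"]))
    tmp = f"{path}.{os.getpid()}.tmp"
    # Tokens are bearer secrets: create the file owner-only, then swap atomically.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(tok, f)
    os.replace(tmp, path)
    return tok

def get_token(post, creds, path, now=None):
    """Return (access_token, how). post(form) -> dict is the caller's HTTP
    POST to the token endpoint (assumed); creds holds username/password/client_id."""
    now = time.time() if now is None else now
    tok = _load(path)
    # 1. Another instance already holds a live token: reuse it, no new session.
    if tok.get("access_token") and tok.get("expires_at", 0) - 30 > now:
        return tok["access_token"], "cached"
    # 2. Expired but refreshable: stays inside the existing session.
    if tok.get("refresh_token"):
        r = post({"grant_type": "refresh_token", "client_id": creds["client_id"],
                  "refresh_token": tok["refresh_token"]})
        if "access_token" in r:
            return _save(path, {**tok, **r}, now)["access_token"], "refreshed"
    # 3. Password grant; only on the quota error retry with exclusive sign-on,
    #    which logs out every other session on these credentials.
    form = dict(creds, grant_type="password")
    r, how = post(form), "password"
    if r.get("error") == "access_denied" and r.get("error_description") == QUOTA_MSG:
        r, how = post(dict(form, takeExclusiveSignOnControl="true")), "exclusive"
    if "access_token" not in r:
        raise RuntimeError(r.get("error_description", "token request failed"))
    return _save(path, r, now)["access_token"], how
```

Instances that do not share the cache file will keep invalidating each other's refresh tokens through the exclusive path, which is the situation the answer resolves with separate credentials. Concurrent instances should also serialize calls to `get_token` with a file lock so two of them do not refresh at once.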
