Changes to the Authorization Process
Authorization Process Overview
The Authorization Process is the second step of the installation process for Beefree SDK. Throughout this step, you pass Beefree SDK your client_id, client_secret, and UID parameters during a server-to-server call to the Beefree SDK service auth.getbee.io. Once complete, you will receive a JWT token, which you then use to securely continue with your installation process. This article will discuss the Authorization Process, how the process impacts you, and the actions you need to take to complete it successfully. It will also discuss the benefits of the new authorization process that you can leverage as you use Beefree SDK.
What's Changing
We're introducing a new authorization process with the following changes:
- New Authorization Parameters: The login process will now require three parameters instead of two: client_id, client_secret, and UID. This ensures the generated JWT token directly includes the UID, making it secure and unalterable.
- Token Expiration: Currently, tokens expire after 5 minutes but can be refreshed for up to 7 days. With the new process, a token will only last 12 hours. After this period, the host application can:
- Keep Beefree SDK alive by injecting a new token obtained from the new loginV2 method.
- Save the current JSON from the callback and reinitialize Beefree SDK with that JSON.
In both cases, users will not lose their work, with the first option providing a smoother user experience.
How It Impacts You
Old Login Process
The old login process included the following:
- Your server-side application performs a server-to-server call to our service auth.getbee.io.
- The server-side application sends client_id and secret (not the UID) and receives the JWT token.
- The client-side application creates a Beefree SDK instance by passing the token and the UID along with other configurations.
New Login Process
The new login process includes the following:
- Your server-side application performs a server-to-server call to our service auth.getbee.io.
- The server-side application now sends client_id, secret, and UID and receives the JWT token.
- The client-side application creates a Beefree SDK instance by passing the token (not the UID) along with other configurations.
What You Need to Do
Existing Customers: To migrate to the new loginV2 process, you must:
- Add the UID parameter during the login phase.
- Manage the refresh expiration to accommodate the new 12-hour token lifespan.
New Customers: You will start with the new loginV2 process.
- Both login methods (old and new) will be available until all customers have fully adopted the new process. Eventually, the old method will be phased out.
How long will v1 login be available?
An expiration date for the v1 login has not been set yet. However, a clear and transparent migration timeline will be provided well in advance of the deprecation of the v1 login. In the meantime, it is recommended to prepare and migrate to v2 to take advantage of its security benefits.
What are the benefits of migrating to v2?
The v2 login was designed with several enhanced security features:
- UID encryption
- Token expiration
- Token re-authorization
Conclusion
To summarize:
- Login v1: Performed via the old https://auth.getbee.io/apiauth URL using client_id and client_secret.
- Login V2: Performed via the new https://auth.getbee.io/loginV2 URL using a JSON payload with client_id, client_secret, and UID.
Before the mandatory change, there will be a brownout period where the old endpoint will be turned off for an hour to ensure everyone is aware of the transition. Adopting the new process will enhance security and provide a better user experience.