
Managing Expired Authentications

Overview

Some services have a strict authentication expiry period. An example of this is Facebook authentications, which expire after 60 days.

This affects your End Users: they will need to reauthenticate in order for their Solution Instances to continue working.

To help you deal with this, we will send you a notification as a POST request to a URL you specify, well in advance of the expiry (generally 7-10 days).

It is recommended that you ask your users to take action immediately to prevent their authentications from expiring.

Setting the Expired auth URL

Go to your Profile Settings page and enter an 'Expired auth notification webhook' URL which can consume notifications about expired auths.

This URL can be either:

  • A URL hosted and controlled by you, whereby you choose exactly how to consume the payload.

  • A Tray workflow public URL, in which case you can build a Tray workflow specifically to deal with the expired authentication payload (for example, you could pull the data about the expired auth from a Webhook Trigger and then notify the individual user to take action).

The expired auth payload

When an expired authentication notification is sent, it will be in the following format:

{
  "authentication_name": "User auth",
  "service_name": "facebook",
  "user_id": "8c0227d7-0181-4b4b-9955-354a63edcae2",
  "authId": "bd90582e-ac50-4bb6-aeb6-2f0175408b69",
  "external_user_id": "8cddbba1-0de6-4723-a8e3-6a2a3cdd0ef9"
}

The recommended procedure for dealing with the payload is as follows:

  1. The above notification will be sent as a POST request to your specified URL (generally 7-10 days before the expiry).

  2. Your URL should reply with a status of 200.

  3. Use the payload to locate a contact email address for your End User. This email should be stored in your own system. Remember that external_user_id was set when you created the user and is a common id shared between your Tray Embedded account and your external database, so it can be used to locate details about the End User.

  4. You can then use the user_id to obtain a User Access Token and List Solution Instances for the user, and find any Instances which use the authId, as discussed in Mapping and Editing Auths.

  5. In order to update any authentications, you can prompt the user to either run the configuration wizard again, or use the edit auth URL at the end of the above page on Managing and Editing auths to activate the auth-only dialog.
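
A receiver for steps 1-3 of the procedure above, added here as an example and not Tray's own code. This page describes no way to authenticate the POST, so the handler treats the body as untrusted input: it keeps only the five documented fields and takes the contact address from your own records, keyed by external_user_id, never from the request. Assumptions: the CONTACTS store, the 4096-byte cap, the 400 reply for malformed bodies, and the UUID check on user_id and authId (inferred from the sample payload).

```python
import json
import uuid
from http.server import BaseHTTPRequestHandler, HTTPServer

FIELDS = ("authentication_name", "service_name", "user_id", "authId", "external_user_id")
MAX_BODY = 4096  # assumed cap; the documented payload is a few hundred bytes
# Constructed stand-in for your own user store, keyed by external_user_id.
CONTACTS = {"8cddbba1-0de6-4723-a8e3-6a2a3cdd0ef9": "end.user@example.com"}

def parse_notification(raw):
    """Return the five documented fields, or None if the body is malformed."""
    if len(raw) > MAX_BODY:
        return None
    try:
        data = json.loads(raw)
        if not isinstance(data, dict):
            return None
        if not all(isinstance(data.get(k), str) and data[k] for k in FIELDS):
            return None
        uuid.UUID(data["user_id"])  # assumption: Tray ids are UUIDs, as in the sample
        uuid.UUID(data["authId"])
    except (ValueError, RecursionError):  # bad JSON/UTF-8, deep nesting, non-UUID id
        return None
    return {k: data[k] for k in FIELDS}  # drop any undocumented keys

def plan_reauth(raw, contacts=CONTACTS):
    """Map a raw POST body to (http_status, action); action is None if no mail is due."""
    note = parse_notification(raw)
    if note is None:
        return 400, None
    # The address comes from our own records, never from the request body.
    email = contacts.get(note["external_user_id"])
    if email is None:
        return 200, None  # acknowledge, but send nothing for an unknown user
    return 200, {"to": email, "service": note["service_name"],
                 "user_id": note["user_id"], "auth_id": note["authId"]}

class Hook(BaseHTTPRequestHandler):
    def do_POST(self):
        declared = self.headers.get("Content-Length", "")
        length = int(declared) if declared.isdecimal() else 0
        status, action = plan_reauth(self.rfile.read(min(length, MAX_BODY + 1)))
        if action:
            print("queue re-auth email:", action)  # hand off to your mailer here
        self.send_response(status)
        self.end_headers()

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Hook).serve_forever()
```

The returned user_id and auth_id are the values step 4 needs for listing the user's Solution Instances and finding those that use the expiring authentication.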