Federated Login Design
Interject uses a Duende (previously Identity Server 4) API to handle authentication for federated user logins. The following diagram shows the relationship between the Interject Excel Add-in and the Auth API when users log in to a federated identity system.
Enterprise Login Code
The Enterprise Login Code is a text string given to each Interject company that is used to navigate a user from the general login page to the federation's login page. The login code can be set to any text string that is not currently in use by another Interject company.
See Logging In/Out: Enterprise User for a walkthrough on how to log in with your Enterprise token.
Web Pages with Webview2
To learn more about Webview2, refer to this documentation.
Tokens and Refresh Cycle
OpenID Connect (OIDC) is built on top of OAuth2, which uses an access token for authorized requests and a refresh token to get new access tokens when they expire. Both of these tokens expire after the following durations:
- Refresh token - expires every 30 days (this requires the user to log in again)
- Access token - expires every hour
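The refresh cycle above written as a client-side decision, in an added example that is not Interject's code. The 60-second leeway, the assumption that the 30-day refresh lifetime is absolute (counted from login rather than sliding), and all names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum

ACCESS_TTL = timedelta(hours=1)    # access token lifetime stated above
REFRESH_TTL = timedelta(days=30)   # refresh token lifetime stated above
LEEWAY = timedelta(seconds=60)     # assumption: renew early to absorb clock skew

class Action(Enum):
    USE_ACCESS_TOKEN = "send the request with the current access token"
    REFRESH = "exchange the refresh token for a new access token"
    INTERACTIVE_LOGIN = "send the user back to the federated login page"

@dataclass
class TokenSet:
    access_expires: datetime
    refresh_expires: datetime

def issue(now: datetime) -> TokenSet:
    """Hypothetical stand-in for a completed login: both lifetimes start now."""
    return TokenSet(now + ACCESS_TTL, now + REFRESH_TTL)

def next_action(tokens: TokenSet, now: datetime) -> Action:
    """Decide what the client must do before its next authorized request."""
    if now + LEEWAY < tokens.access_expires:
        return Action.USE_ACCESS_TOKEN
    # Access token is expired or about to be. The refresh token only helps
    # while it is itself unexpired; after that the user must log in again.
    if now < tokens.refresh_expires:
        return Action.REFRESH
    return Action.INTERACTIVE_LOGIN

def refresh(tokens: TokenSet, now: datetime) -> TokenSet:
    """Assumption: a refresh renews only the access token, not the 30-day clock."""
    return TokenSet(now + ACCESS_TTL, tokens.refresh_expires)

def simulate(start: datetime, step: timedelta, duration: timedelta):
    """Poll every `step`; return (refresh count, time of forced re-login or None)."""
    tokens, now, refreshes = issue(start), start, 0
    while now <= start + duration:
        action = next_action(tokens, now)
        if action is Action.INTERACTIVE_LOGIN:
            return refreshes, now
        if action is Action.REFRESH:
            tokens = refresh(tokens, now)
            refreshes += 1
        now += step
    return refreshes, None
```

Polling every 30 minutes, a session under these assumptions refreshes silently once an hour and is forced back to the login page exactly 30 days after the original login.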
How Tokens are Stored
Login access and refresh tokens are stored in a .dat file protected with Microsoft's Windows Data Protection API (DPAPI). The file is located in the Interject/Settings folder within the user's AppData folder.
You can open this folder easily by clicking Diagnostics on the Advanced Interject ribbon, selecting Open User Folders, and then clicking Execute Selected Action.
Legacy Interject Logins
Users can be configured to continue using their existing Interject basic Auth accounts while also having access to federated logins. The Interject Login Manager will show all your logins: