Once the end customer goes through the auth flow, Cobalt saves the encrypted tokens and keys and refreshes them if/when required to maintain the functionality of the created workflows.

However, there are certain conditions where Cobalt can no longer authenticate the API on behalf of your end customers.

  1. The provided API credentials for eg: API keys, Refresh token has expired.
  2. The access token or refresh token of the end customer has been revoked.
  3. The end customer uninstalls the application.
  4. The user deletes the application being used by their customer.

Handling re-auth

When any of the above mentioned scenarios occur, Cobalt sets a flag reauth-required for the application integration of the customer. You could find this in the application response object. See below -

cURL
  curl --request GET \
  --url https://api.gocobalt.io/api/v2/public/application \
  --header 'linked_account_id: <linked_account_id>' \
  --header 'x-api-key: <x-api-key>'

below is a sample response with an application with expired authentication.

Response
 [
    {
        "name": "Slack",
        "icon": "https://cobalt-app-logos.s3.ap-south-1.amazonaws.com/slack/logo.png",
        "description": "Slack is a platform for team communication: everything in one place, instantly searchable, available wherever you go. Offering instant messaging, document sharing and knowledge search for modern teams.",
        "auth_type": "oauth2",
        "tags": [
            "Communication"
        ],
        "version": {
            "_v": "1.0.0",
            "description": "Slack is a platform for team communication: everything in one place, instantly searchable, available wherever you go. Offering instant messaging, document sharing and knowledge search for modern teams."
        },
        "connected": true,
        "connected_accounts": [
            {
                "identifier": "Cobalt",
                "connectedAt": "2023-05-31T07:45:59.841Z"
            }
        ],
        "slug": "slack",
        "reauth_required": true
    },
    ...
]

This re-authentication flow is handled by the Hosted flow and the Embedded flow where the user would be asked to re-connect if the application authentication has expired.

If you have been using the Seamless flow for customizing the code on the client side, just check for the reauth_required field in the application list response, and use the .connect() method to connect to the application again.

Re-authentication
cobalt.connect("slack") // opens a new tab for re-authentication
cobalt.connect("twilio", {
  number: "<credential>",
  sid: "<credential>",
}) // saves the new auth data for key based apps

Checkout the auth methods for more details.

Getting notified using webhook.

Cobalt supports webhook subscription for an event when an application auth gets expired for a linked account. You would need to subscribe for the event Connection Expired. Cobalt would then notify you whenever an app connection expires and provide details about the application and the account.

Webhook payload
{
 "linked_account_id": "12345",
 "org_id": "645270e37917442c4307297a",
 "environment": "test",
 "type": "General",
 "event": "Connection Expired",
 "slug": "pipedrive",
 "createdAt": "Tue, 07 Nov 2023 08:38:33 GMT"
}
Checkout Cobalt webhooks for more details.
Auth FlowsLogs