JWT vs. OAuth Account Level Apps

clp207 · May 5, 2020, 12:26pm

Is there a way to create multiple JWT apps and limit the permissions of what the app can do? Or is there a way to create an OAuth account level app that follows the client credentials Oauth flow and doesn’t require a redirect URL?

samly · May 5, 2020, 12:29pm

I don’t think you can do an OAuth account-level app without going through the OAuth process at least once (and every time you need to update scopes).

It is pretty seamless after the first time though, as you can just store the latest refresh_token to get a new access_token when needed.

michael.zoom · May 8, 2020, 8:45pm

Spot on @samly - thanks for answering.

@clp207 Admin-level permissions are given through OAuth (user-level tokens). A refresh_token can be stored for 15 years, given user permissions/scopes do not change.

Topic		Replies	Views
JWT specific access API and Webhooks	2	334	January 2, 2021
OAuth Access Tokens for Admin App API and Webhooks	2	269	April 1, 2021
Oauth authorization grant reusability? API and Webhooks	2	463	December 24, 2020
API App - Transfer to new developer account - JWT API and Webhooks	8	830	August 21, 2020
Login again with OAuth API and Webhooks	3	487	August 21, 2020

JWT vs. OAuth Account Level Apps

Related Topics