Offline authorization and device storage
Trimble Identity has many components, such as password validation, multi-factor authentication, and authorization tokens, that require use of the internet. Since these features require the use of a connection to use, Identity does not recommend offline authentication for any product that uses Identity.
If offline authentication or authorization is needed, here are Trimble Identity’s best practices and recommendations.
For Operating Systems (OS) that support individual user profiles, such as macOS or Windows, there should be a one-to-one mapping between the user’s OS profile and the Trimble Identity account. Users must log in to their device using a separate password or PIN. The OS will securely store individual user data, including browser session cookies.
iOS for phones is not currently supported due to lack of multi-user account support.
Examples:
For scenarios where multiple users share a single account, the recommendation is to store the refresh tokens for each user and force each user to sign in every time. The application can force a sign on by using the prompt=login query parameter on authorize request. The application can then manage separate access or refresh tokens for each user.
Note: Single sign-on (SSO) will not work when
prompt=loginis used in the /authorize call. Users will be forced to sign in multiple times if using multiple Trimble apps on the same device.
As a secondary option, applications can include the username in the cookies.
Example: session_{email}_{domain}.