I am integrating Mendix with a 3rd party auth service which issues JSON Web Tokens (an access token and a refresh token).
It makes sense to me to keep these tokens in memory; in previous, non-Mendix applications I have written (e.g. React SPAs) it was generally best practice to keep the JWT in the client.
In Mendix, how might I achieve the same?
- I assume a non-persistent entity is kept on the server; is this correct? Is there a way to keep it on the client?
- If it is kept on the server, when I create a new object of this entity, is the previous one cleaned up, or can I have multiple objects of the same entity?
- Assuming I can keep each individual user's token entity in memory, I am worried about scalability - if 1000s of users connect I will be keeping 1000s of token objects around. Which brings me back to the original question: can I keep the token client-side?
With the following widget from the App Store you could store the token in the local storage and read it from there:
LocalStorage Reader and Writer, see
On the other hand, keeping a record in memory for 1000 users, connected to their session object, shouldn't pose much of an issue either.
The latest Mendix versions use a stateless server model.
That means non-persistent entities are only stored in the client. To prevent garbage collection of NP entities you should set an association to the user's Session.
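A sketch of the client-side storage discussed in this thread, as an added example that is not part of the original posts and is not the code of the App Store widget. It keeps the access and refresh token behind one interface so the backing store can be `window.localStorage` (survives reloads, readable by any script running on the origin) or an in-memory object (lost on reload), and it stops handing out the access token once its `exp` claim has passed. The key names, function names and the sample token are assumptions made for the example.

```javascript
// Added example; key names and helper names are hypothetical.
const KEYS = { access: "auth.accessToken", refresh: "auth.refreshToken" };
// Decode (not verify) a compact JWT's payload to read its claims.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
}

// Expired, missing-exp and malformed tokens are all treated as unusable.
function isExpired(token, nowSeconds, skewSeconds = 30) {
  try {
    const { exp } = decodeJwtPayload(token);
    return typeof exp !== "number" || exp - skewSeconds <= nowSeconds;
  } catch (_) { return true; }
}

// `storage` is anything with getItem/setItem/removeItem, e.g. window.localStorage.
function createTokenStore(storage) {
  return {
    save(accessToken, refreshToken) {
      storage.setItem(KEYS.access, accessToken);
      storage.setItem(KEYS.refresh, refreshToken);
    },
    // Returns the access token only while valid; otherwise drops it and returns null,
    // which tells the caller to use the refresh token.
    getAccessToken(nowSeconds = Math.floor(Date.now() / 1000)) {
      const token = storage.getItem(KEYS.access);
      if (token !== null && !isExpired(token, nowSeconds)) return token;
      storage.removeItem(KEYS.access);
      return null;
    },
    getRefreshToken: () => storage.getItem(KEYS.refresh),
    clear: () => Object.values(KEYS).forEach((k) => storage.removeItem(k)),
  };
}

// Constructed sample input: in-memory stand-in for localStorage and an unsigned token.
function memoryStorage() {
  const m = new Map();
  return { getItem: (k) => (m.has(k) ? m.get(k) : null),
           setItem: (k, v) => void m.set(k, String(v)),
           removeItem: (k) => void m.delete(k) };
}
function sampleToken(exp) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc({ sub: "demo", exp })}.sig`;
}
```

In a browser, `createTokenStore(window.localStorage)` gives the persistent variant and `createTokenStore(memoryStorage())` the in-memory one; call `clear()` on logout in either case.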