Alternative token handling?

I like a lot the integration of Navigraph charts with EFB like Aerosoft’s A320 Prof on P3Dv4 in my case. It was a main reason to start my new subscription. However, the need to login from the A3xx Configurator tool for every new sim session feels a bit annoying to me.

Having worked on integration of remote services via REST APIs in the past for my company, I was wondering if there aren’t alternative ways how this might be handled. My thoughts may be stupid from your perspective without me knowing your technical details, but I was wondering if one couldn’t follow a procedure e.g. like this:

• A client-side app e.g. a 3rd party tool like the Aerosoft configurator or the simlink tool stores the user ID and password hash
• At the first connection, User ID and password hash are provided to API for initial authentication (no browser needed), the token is returned and stored
• For each next connection, validity of the stored token is checked first. If token is no longer valid, a new token is requested with the help of user ID and hashed password

As said, maybe this does not work for you, but this is at least roughly how we implemented a persistent API authentication procedure.

Hi Christian!

Our APIs are fully compliant with OpenID and supports endless sessions using refreshes similar to what you are describing (but a little different) you can see more information here Authorization Code Flow with PKCE | Navigraph Developer Portal. The way the A320 authenticates with Navigraph using a Configurator is not an official supported way of doing it but due to some technical limitations the developer decided to take that route.

To my understanding the refresh functionality should work in the A320 and using the Configurator was only rarely needed if something got out of sync. But you need to use the configurator for every sim restart?

Kind regards,

Markus

Hi, I wrote a longer reply which after a 2nd edit was sent to spam by a bot unfortunately. I hope it can be restored from there?