When you say users will need to re-authenticate every 90 days, can you expand on that? I'm envisioning one of two options (but maybe there are others!):
- Every 90 days the Monzo app will ask users whether they are happy to let "App Name" continue to have access to their data. If they accept, everything continues working, but if they decline then the 3rd party app will receive an authorisation error and can no longer receive info.
- Every 90 days users will essentially be logged out of all 3rd party apps and be forced to go back through the individual login flows (using magic links and the prompt in app) for each app to re-authenticate it.
I’m hoping it’s point one here (and is seemingly what @kieranmch says in his recent Q+A but maybe I’m misunderstanding).
If it is the second one then that is pretty restrictive, especially for backend-only apps (think Flux, which doesn't have its own UI per se).