How long is an AE session for users?
Indefinite, as long as they don't sign out, clear their browser session, or have settings in place, such as killing sessions on browser close.
If I login to Site X with Spotify, how long will that session persist?
A Spotify session is separate from an AE sessions and can expire for its own reasons. There is also a difference between an active browser session and access token expiry. So in theory the user can have an expired Spotify session but still use the tokens in AE to make API calls to Spotify.
How can I test?
- Create a simple html page with AEJS and an onUser and/or onFlow event listener
- If an AE session is active the onUser will fire as long as the user meets the AEJS settings requirements
- If there are enforced requirements for the site, such as required fields or email verification, then onFlow will fire and let you know what needs to be done
- If there is no active AE session then neither will fire.
What is the relationship between multiple services and a single AE user/session?
AE session refers to an actively logged in AE session using one of the IDPs for authentication. The AE data model consists of a single member object with multiple service objects attached to it. A user may login with Twitter but also have Facebook and Google+ as services attached to their account due to previous registration or account linking. This does not necessarily mean they will have an active session with those services at the time. But, the tokens attached to those services may still may be used at any time for API calls to the services, provided they are still valid.
A user logs in with Spotify and already has Twitter added via Oauth on a previous occasion. Can the user perform Twitter action without re-oauthing Twitter?
A developer will be able to make an API call on their behalf using the credentials acquired from previous oauth (as long as the tokens are still valid and the app has proper permissions). If there is a native Twitter widget on the page, then they will need to have an active twitter session to use.
Can I test user logins with my AE Dashboard account?
You can use AE connect with the same details you use to log into the dashboard (eg. email/password) however we recommend always signing out of the AE Dashboard when testing AE Connect sign ins. This avoids any confusion between user accounts and sessions, and ensures that you are getting the exact same sign in experience that your customers are getting.