Oauth refresh tokens enabled for OMX apps

This release includes important security updates for the OMX apps. The updates involve replacing the oauth client used on OMX apps so that it uses refresh tokens to re-authenticate.

• Added a new OAuth client, which is now used by OMX apps to authenticate with
• With this new client, the access token expires in 1h
• Oauth authentication on OMX apps now accepts token refresh
  • Existing accounts do not have this enabled by default as it would break backwards compatibility, this change only applies to authentication from OMX apps.
  • Authentication requests will continue to return the same token until it expires. If a customer wishes to renew the access token (essentially obtaining a new one), then the customer integration needs to perform a refresh token operation with the refresh token provided during the authentication step.
  • It is possible for to have multiple valid access token at a time. Each will have it’s own expiry time. 
  • The refresh token is reusable until it expires. When the refresh token is expired, a new authentication is required which then returns a new access token as well as a new refresh token.