I am integrating Mendix with a 3rd party auth service which issues Json Web Tokens (an access token and a refresh token). It makes sense to me to keep these tokens in memory; in previous, non-mendix applications I have written (e.g. React SPA's) it was generally best practice to keep the JWT in the client. In mendix, how might I achieve the same? - I assume a non-persistent entity is kept on the server; Is this correct? Is there a way to keep it on the client? - If it is kept on the server, when I create a new object of this entity, is the previous one cleaned up, or can I have multiple objects of the same entity? - Assuming I can keep each individual users' token entity in memory, I am worried about scalability - if 1000's of users connect I will be keeping 1000's of token objects around. Which brings me back to the original question of can I keep the token client-side?
The latest Mendix versions use a stateless server model.
That means, non-persistent entities are only stored in the client. To prevent garbage collection of NP entities you should set an association to the users Session.
With the following widget from the appstore you could store the token in the local storage and read it from there: