Authentication
Use local auth or SSO and apply workspace context after selection.
Auth modes
- Local: POST /api/auth/signup, POST /api/auth/login
- Google SSO: POST /api/auth/oauth/google/code
- Microsoft SSO: POST /api/auth/oauth/microsoft
Workspace context
Access tokens are initially user-scoped. After workspace selection, session
context includes workspace_id and role, and workspace-protected APIs require
that context.
Refresh token policy
Refresh tokens are hash-stored, rotated on use, and globally revoked when reuse is detected.
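As an added example (not the project's own code), an in-memory store that implements the three rules above: only token hashes are persisted, every refresh rotates the token, and a replayed (already rotated) token revokes all of that user's refresh tokens. The class name, the status strings and the SHA-256 choice are assumptions.

```python
import hashlib
import secrets


class RefreshTokenStore:
    """Constructed example of the refresh-token policy; not the project's code.

    Only SHA-256 hashes of tokens are kept, every use rotates the token, and
    presenting an already-rotated token revokes all of that user's refresh tokens.
    """

    def __init__(self):
        self.active = {}   # sha256(token) -> user_id, tokens that may still be used
        self.retired = {}  # sha256(token) -> user_id, tokens consumed by rotation

    @staticmethod
    def _digest(token):
        # Store only the hash so a leaked database does not yield usable tokens
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)
        self.active[self._digest(token)] = user_id
        return token

    def revoke_all(self, user_id):
        # Global revocation: drop every active refresh token for the user
        for digest in [d for d, u in self.active.items() if u == user_id]:
            del self.active[digest]

    def refresh(self, token):
        """Return (status, new_token); status is 'ok', 'reuse_detected' or 'invalid'."""
        digest = self._digest(token)
        user_id = self.active.pop(digest, None)
        if user_id is not None:
            # Rotate: retire the presented token and hand out a fresh one
            self.retired[digest] = user_id
            return "ok", self.issue(user_id)
        if digest in self.retired:
            # A rotated token came back, so either the client or someone holding a
            # stale copy replayed it; revoke every token for the user rather than guess
            self.revoke_all(self.retired[digest])
            return "reuse_detected", None
        return "invalid", None
```

After reuse detection the user must log in again through one of the auth modes above; the store deliberately cannot tell the legitimate holder from the stale copy.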