I am currently working on an extension to a Revit add-in, which pulls BIM360 cloud models to use in some processing. With the Forge API Client for C# I'm now retrieving the hubs, projects and files which the user is allowed to access.
My gripe is with the fact that the user has been signed into Autodesk from basically the first moment Revit is launched, while I'm having to prompt the user to sign in a second time with a CefSharp modal browser dialog with the exact same sign-in, accept the Forge application's permission requests, and loop back to the add-in.
It feels incredibly superfluous to have to make the user sign in while he's signed in. Although I try to prompt for authentication as little as possible, refreshing tokens whenever I can, it will still come down to prompting every time I'm beyond the token's expiration time. Also, if the user ends up filling a different user to the one Revit is currently signed in to, he can select files which are potentially not allowed to be opened by the session in Revit.
Is there a way to either:
Unfortunately, you cannot use Revit's authentication (access_token). Just like you (and your app), Revit uses a Forge Client ID & Secret, with a specific set of permissions and scopes, and can only be used by Revit.
Your app needs to authenticate at least once. After that, you can use the refresh_token to avoid re-entering credentials.