There seems to be a deviation from previous releases when the so-called “Implicit Grant Flow” is used. This is an authentication process in which the authentication is solely for 10 minutes, instead of longer as used by the “Code Grant Flow”.
It is recommended to activate the “Code Grant Flow” while the bug is being sorted out. Activating the “Code Grant Flow” is quite simple:
either provide a value for client secret in the log on form for Exact Online as shown in picture below,
or specify the client secret in the connectiong string using client-secret=VALUE.
The client secret can be found in the Exact App Center as described in:
An additional advantage that the needs to enter the verification code significantly reduces, since a so-called “refresh token” is acquired which stays valid on Exact Online unless generated on another device.
Both the Implicit Grant Flow as the Code Grant Flow technically work identical once an access token has been acquired. The Code Grant Flow equals the Implicit Grant Flow plus acquiring a so-called refresh token that when not used only expires after 30 days (up to 2021 unlimited lifetime). The refresh token can be used to at most once per 9,5 minutes acquire a new access token, even days later. However, a refresh token is sadly enough invalidated when the authorization flow is executed elsewhere for the combination of user and client ID.