how to bypass "grant access to Box"?



1 comment

  • Rui Barbosa

    The quick answer is yes.

    However, it depends on which type of authentication you are using for your app.

    If you are using pure OAuth 2.0, this means your app will use the logged-in user's security context. This implies the user must at least once authorize the app to access its content. In this case, store the access token and the refresh token for later use. Of course, be sure to take security into account and encrypt the tokens. The access token is valid for 60 minutes and the refresh token for 60 days. Use the refresh token to get a new access token and the user won't have to re-authorize the app. If the refresh token is expired, then the user must re-authorize.

    The second option is to use a JWT token. This means your app will use its own (a service user) security context. In this case your app will not prompt the user for authorization; however, the user's security context still applies to its content, so either the user shared the content with the service user, or the JWT token is configured as "enterprise access" and can make calls "as-user".

    Check out the authentication types documentation.

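The token lifecycle described in the answer above, as an added example that is not part of the original post or Box's own code. `TokenRecord`, `next_action`, `apply_refresh` and the two-minute skew are hypothetical names and values; the record is assumed to be the decrypted form of what the app stores, and a successful refresh is assumed to return a new access/refresh pair.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Lifetimes as stated in the answer above.
ACCESS_TTL = timedelta(minutes=60)
REFRESH_TTL = timedelta(days=60)
# Assumption: treat tokens as expired slightly early to absorb clock drift
# and request latency.
SKEW = timedelta(minutes=2)


@dataclass(frozen=True)
class TokenRecord:
    """Decrypted view of one user's stored tokens (hypothetical structure)."""
    access_token: str
    refresh_token: str
    access_issued: datetime
    refresh_issued: datetime


def next_action(rec: TokenRecord, now: datetime) -> str:
    """Return 'use_access', 'refresh' or 'reauthorize' for this record."""
    if now < rec.access_issued + ACCESS_TTL - SKEW:
        return "use_access"
    if now < rec.refresh_issued + REFRESH_TTL - SKEW:
        return "refresh"
    # Both tokens are stale: the user has to grant access again.
    return "reauthorize"


def apply_refresh(rec: TokenRecord, new_access: str, new_refresh: str,
                  now: datetime) -> TokenRecord:
    """Build the record to persist after a successful refresh call.

    Both tokens are replaced (assumption: the response carries a new pair),
    so the old refresh token is never retried.
    """
    return TokenRecord(new_access, new_refresh, now, now)


# Constructed sample record, not real tokens.
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = TokenRecord("access-1", "refresh-1", T0, T0)

if __name__ == "__main__":
    for delta in (timedelta(minutes=10), timedelta(hours=3), timedelta(days=61)):
        print(delta, "->", next_action(SAMPLE, T0 + delta))
```

Persist the record returned by `apply_refresh` (encrypted) before using the new access token, so a crash between the two steps does not leave only the discarded refresh token on disk.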
