Client Credentials Grant Expiration TimeAnswered
I am authenticating with the Box API via JWT using a Client Credentials Grant (https://developer.box.com/guides/authentication/jwt/without-sdk/#client-credentials-grant). The response looks like below:
What is unit is the expires_in field? Are these the seconds until the access_token expires?
That's correct, expires_in will be the time in seconds until token expiration. You can see more detail about the token object response over here.
- JonComment actions
Thanks for the response Jon. Follow up question:
The documentation you sent me has a refresh token as a part of the response payload, but mine does not. I am using the client credentials grant to obtain a JWT and the response looks like this:
How would I refresh this token once it expires?
The reference guide can be a bit confusing in this instance because it incorporates all possible options / values for all of our different auth types. Here's what you'll need to know for client credential grant.
The payload that you're seeing doesn't include a refresh token, like what you would see within standard OAuth 2 (when a user signs in to grant your app permissions). With those app types you would call the refresh token endpoint using that refresh token.
In your case, it's easier - when the token expires just call the same request access token endpoint that you did to get the first access token, which will give you a new one to use.
Please sign in to leave a comment.