refresh token is getting expired

New post


1 comment

  • Rui Barbosa

    Hi Nilesh,

    That is how OAuth is supposed to work.

     Each user grants permission to the app to access their box content, so the app must save for each user the access and refresh token, in an encrypted way.

    When the access token expires (after 60 minutes), the app refreshes it using the refresh token and get a new pair of both access and refresh tokens, which again must be saved in an encrypted format for future use.

    The refresh token lasts for 60 days and it is single use, except for some concurrency scenarios.

    What having a refresh token prevents, is the need for the user to re-authorize the app. After 60 days the use must re-authorize the app.

    This article illustrates a sample app using OAuth 2,0 and Box API.

    Let us know if this helps.

    Best regards


    Comment actions Permalink

Please sign in to leave a comment.