refresh token is getting expired
Hi,
I am using OAuth to generate an access token from the refresh token, but when the access token is generated the refresh token is expiring. I think the refresh token must not expire, so that users can generate multiple access tokens using the same refresh token. If the user did not use it for more than 60 days, you can invalidate the refresh token.
We are using it for automation purposes, and the user cannot change the refresh token manually every day on our server, and also we cannot change the refresh token of the user as it is confidential.
So is there any solution by which we can expand the lifespan of the refresh token?
-
Hi Nilesh,
That is how OAuth is supposed to work.
Each user grants permission to the app to access their Box content, so the app must save the access and refresh tokens for each user, in an encrypted way.
When the access token expires (after 60 minutes), the app refreshes it using the refresh token and gets a new pair of both access and refresh tokens, which again must be saved in an encrypted format for future use.
The refresh token lasts for 60 days and it is single use, except for some concurrency scenarios.
What having a refresh token prevents is the need for the user to re-authorize the app. After 60 days the user must re-authorize the app.
This article illustrates a sample app using OAuth 2.0 and the Box API.
Let us know if this helps.
Best regards
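
The rotation described in the answer above, as an added example that is not part of the original thread or Box's own code: each refresh consumes the stored refresh token and persists the new pair before the access token is handed out. The class name and the `seal`, `unseal` and `post_token` callables are hypothetical; the caller supplies the encryption and the HTTP POST to the token endpoint, and the form fields are the standard OAuth 2.0 refresh grant.

```python
import json, os, tempfile, threading, time

class RotatingTokenStore:
    """Holds one user's access/refresh pair; every refresh replaces both."""

    def __init__(self, path, seal, unseal, post_token):
        self.path, self.seal, self.unseal = path, seal, unseal
        self.post_token = post_token   # assumed: callable(form dict) -> token response dict
        self.lock = threading.Lock()   # one refresh at a time: the refresh token is single use

    @staticmethod
    def _to_pair(resp, now):
        return {"access_token": resp["access_token"],
                "refresh_token": resp["refresh_token"],
                "expires_at": now + resp["expires_in"]}

    def _load(self):
        with open(self.path, "rb") as f:
            return json.loads(self.unseal(f.read()))

    def _save(self, pair):
        # Temp file (created 0600 by mkstemp) plus atomic rename: a crash never
        # leaves a file that holds neither the old nor the new refresh token.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "wb") as f:
            f.write(self.seal(json.dumps(pair).encode()))
        os.replace(tmp, self.path)

    def bootstrap(self, token_response, now=None):
        """Store the first pair, obtained when the user authorized the app."""
        self._save(self._to_pair(token_response, time.time() if now is None else now))

    def access_token(self, client_id, client_secret, now=None, skew=60):
        now = time.time() if now is None else now
        with self.lock:
            pair = self._load()
            if pair["expires_at"] - skew > now:
                return pair["access_token"]          # still valid, no rotation
            resp = self.post_token({"grant_type": "refresh_token",
                                    "refresh_token": pair["refresh_token"],
                                    "client_id": client_id,
                                    "client_secret": client_secret})
            new_pair = self._to_pair(resp, now)
            self._save(new_pair)   # persist first: the old refresh token is now spent
            return new_pair["access_token"]
```

An automation job calls `access_token()` before each API request, so the stored refresh token is replaced by the code itself and nobody edits it by hand.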