set up expired time to downscope token.
Completed
Box token has default 60 minutes expired time. Is there a way to set up a shorter expired time, such as 15 minutes?
-
Box tokens (OAuth 2.0 access tokens) typically have a fixed expiration time set by Box (60 minutes by default) and cannot be shortened directly. However, you can implement a workaround to achieve the effect of a shorter token expiration: sisbén puntaje
Use a Token Refresh Mechanism: When the access token expires, your app can use the refresh token to obtain a new access token without requiring user re-authentication. While this won’t change the default expiration, it allows you to handle tokens effectively.
Token Caching and Manual Expiry: Set up a timer in your application that treats tokens as "expired" after a shorter period (like 15 minutes). After this interval, discard the access token and use the refresh token to obtain a new one. This approach helps if you want to limit the usage window of each token manually.
Implement Session Management: If your application requires high security, you can enforce a shorter "session" expiration on your side (like 15 minutes), independent of Box's access token. After 15 minutes, you can prompt the user to re-authenticate, refreshing both the access and refresh tokens.
Please sign in to leave a comment.
Comments
2 comments