Welcome to the new Box Support website. Check out all the details here on what’s changed.

Box Status

JWT Token refresh / timeout

Follow
New post
rossmckegney

When using JWT for app auth on the server side, what is the best practice for refreshing the token? Should we watch the timeout value and refresh just before expiry, or catch the 401 when the token expires, refresh the token, and try again? 

 

Also, what is the default token timeout, and is it configurable? 

 

Thanks!

0

Comments

1 comment

Date Votes
  • kendomen

    I believe the default is around 60 minutes.

     

    I've been using the SDK so there seems to be wrappers around token management.  For example:

    public static BoxDeveloperEditionAPIConnection getAppEnterpriseConnection(String enterpriseId, String clientId,
            String clientSecret, JWTEncryptionPreferences encryptionPref, IAccessTokenCache accessTokenCache) {

        BoxDeveloperEditionAPIConnection connection = new BoxDeveloperEditionAPIConnection(enterpriseId,
                DeveloperEditionEntityType.ENTERPRISE, clientId, clientSecret, encryptionPref, accessTokenCache);

        connection.tryRestoreUsingAccessTokenCache();

        return connection;
    }

    but if you don't use the SDK, I do both.  I check to see if token has expired and I also wrap it in a try/catch for 401 errors.

     

    0
    Comment actions Permalink

Please sign in to leave a comment.