Activating refresh token expired after 2 months

Follow

New post

qnapadam

• December 10, 2017 19:44

Hi,

 

I have a daily app which transfer data to my box, it worked fine until 2 month later, the server said that refresh token already expired. According to this article RT should alive at least 60 days, and the app renew RT everyday, are there other limitation about the lifetime of tokens? Or the maximum token I can acquire at the same time?

 

Thanks.

0

• 

  rocks

  • December 11, 2017 03:45

  Hi ,

   

  I can confirm that Refresh Tokens should be valid for 60 days.

   

  Refresh Tokens are used to get a new "access and refresh token pair". Successful refresh happens when you make a refresh call, get a new Access and a new Refresh token, and use the access token at least once. Once you use the new access token once, the previous Refresh Token used will become invalidated.

   

  Refresh Tokens are part of the OAuth2.0 authentication type

  https://developer.box.com/reference#oauth-2-overview

   

  For your particular use case (daily upload of content to Box) you might want to consider leveraging our 'Service Account" feature which is based off "OAuth 2 with JSON Web Tokens" (this is a certificate-based authentication model which does not rely on regular access token refresh)

   

   

   

  0

  Comment actions Permalink
• 

  qnapadam

  • December 11, 2017 17:31

  Hi ,

   

  Thanks, so the only limitation is that old refresh token will become invalid once I use the new access token? Grant tokens in several clients is OK? I get this question because I have around 15 clients in different machine with the same app to sync data and only one of them met refresh issue.

  0

  Comment actions Permalink

Please sign in to leave a comment.