Activating refresh token expired after 2 months
Hi,
I have a daily app which transfer data to my box, it worked fine until 2 month later, the server said that refresh token already expired. According to this article RT should alive at least 60 days, and the app renew RT everyday, are there other limitation about the lifetime of tokens? Or the maximum token I can acquire at the same time?
Thanks.
-
Hi ,
I can confirm that Refresh Tokens should be valid for 60 days.
Refresh Tokens are used to get a new "access and refresh token pair". Successful refresh happens when you make a refresh call, get a new Access and a new Refresh token, and use the access token at least once. Once you use the new access token once, the previous Refresh Token used will become invalidated.
Refresh Tokens are part of the OAuth2.0 authentication type
https://developer.box.com/reference#oauth-2-overview
For your particular use case (daily upload of content to Box) you might want to consider leveraging our 'Service Account" feature which is based off "OAuth 2 with JSON Web Tokens" (this is a certificate-based authentication model which does not rely on regular access token refresh)
-
Hi ,
Thanks, so the only limitation is that old refresh token will become invalid once I use the new access token? Grant tokens in several clients is OK? I get this question because I have around 15 clients in different machine with the same app to sync data and only one of them met refresh issue.
Please sign in to leave a comment.
Comments
2 comments