Welcome to the new Box Support website. Check out all the details here on what’s changed.

Get Access Token using RefreshToken

New post

Comments

11 comments

  • mwiller

     For the second request, are you using the new refresh token that you got back after the first refresh?  The refresh token changes every time you refresh, and you can't use the same refresh token twice.

    0
    Comment actions Permalink
  • praveenvid

    Thank u for ur support







    Thanks & Regards,
    Praveenkumar Thatikonda

    0
    Comment actions Permalink
  • DuffmanCC

    hi,

     

    sometimes doing a second request using the same refresh_token works, and in theory, shouldn't work. Is that normal?

    Even doing more request. The expires_in changes, so they are different requests.

    0
    Comment actions Permalink
  • JontyKarki

    How should generate the access token by using the same refresh token? My refresh token expires after first use.

    0
    Comment actions Permalink
  • mwiller

     The refresh token changes every time you refresh, and you can't use the same refresh token twice.  When you make the API call to refresh, the API send back both a new access token and a new refresh token.  You'll need to store the new refresh token when you refresh the first time, and use the new refresh token when you want to refresh a second time.

    0
    Comment actions Permalink
  • Rishabh3108

     How are you generating the AuthCode in Step-1 ? when i am trying this, it redirect me to sign-in page and after login got redirected to root folder instead of generating any AuthCode. Please help.

    0
    Comment actions Permalink
  • Jason

     , it sounds like your redirect URL is set to your root folder / home page on Box (e.g. app.box.com). You'll want to change your app's redirect URL to a URL that you control instead, because after the user logs in, Box will redirect the user to your redirect URL and then append the authorization code to the URL.

     

    At that point, your app would then take the authorization code and exchange it for an access token.

     

    To change your redirect url:

    • Go to your Developer Console (app.box.com/developers/console)
    • Select your app
    • Select Configuration on the left hand sidebar
    • Find the "OAuth 2.0 Redirect URI" Section
    • change the redirect url to the URL for your app (e.g. myapp.heroku.com/oauth2)

    You can see more about it in our docs:

    https://developer.box.com/docs/authenticate-with-oauth-2

     

    Hope that helps!

    0
    Comment actions Permalink
  • Rishabh3108

      i tried below method for Authentication.

    https://developer.box.com/docs/authenticate-with-jwt

    Once the client is created and i tried to get a folder info it throws Following Error.

    "GET https://api.box.com/2.0/folders/7984021****/items?offset=0" 404 322
    {'Content-Type': 'application/json', 'Content-Encoding': 'gzip', 'Date': 'Wed, 26 Jun 2019 12:28:15 GMT', 'BOX-REQUEST-ID': '1u9ukebuecgsfkjqgr37ghe2b5l', 'Cache-Control': 'no-cache, no-store', 'Strict-Transport-Security': 'max-age=31536000', 'Transfer-Encoding': 'chunked', 'Vary': 'Accept-Encoding', 'Connection': 'keep-alive'}
    {'code': '---ound',
     'context_info': {'errors': [{'message': "Invalid value 'd_7984021****'. "
                                             "'folder' with value 'd_7984021****' "
                                             'not found',
                                  'name': 'folder',
                                  'reason': 'invalid_parameter'}]},
     'help_url': 'http://developers.box.com/docs/#errors',
     'message': 'Not Found',
     'request_id': '19xhakg4etyd80q8',
     'status': 404,
     'type': 'error'}

    But if i create a client from manually generated Developer Token from console. I can get the same folder Info.
    0
    Comment actions Permalink
  • Kourtney

     

    Developer tokens are associated with the account that's logged into the developer console when the token is generated. Therefore, you'll only be able to interact with folders/files that account owns or has collaborator access to. A 404 indicates that the token you're making this call with does not have access to the folder you're trying to get. 

     

    Best, 

    Kourtney 

    0
    Comment actions Permalink
  • Rishabh3108

     This is how i am making request. Correct me if i am doing anything wrong. Already authorized app from Admin Console.

     

    from boxsdk import OAuth2, Client
    from boxsdk import JWTAuth

    sdk = JWTAuth.from_settings_file('./box_config.json')
    ac_token = sdk.authenticate_instance(enterprise='21073****')

    auth = OAuth2(
    client_id=,
    client_secret=,
    access_token=ac_token
    )
    client = Client(auth)
    folder=client.folder(folder_id='798402*****').get_items()

     

     

    Tried this also but didn't work:

    sdk = JWTAuth.from_settings_file('./box_config.json')

    client = Client(sdk)
    folder=client.folder(folder_id='798402*****').get_items()

    0
    Comment actions Permalink
  • Kourtney

      You're getting a token and making calls for your JWT application's service account. Taking a look on the backend, this user doesn't own or collaborate on any content. You need to add this user as a collaborator on the folder you're trying to access, 798402*****. 

    0
    Comment actions Permalink

Please sign in to leave a comment.