Box app : 2 steps authentication every time ?
I'm currently building a Box application, which will be used by Box users.
I use the Java Content API, to call the Rest services, to authenticate the user, everything works fine.
But I'm surprised that every time I log in my application, I need to use the 2 steps authentication, which includes receiving a code via text message on my phone.
How can I have the same behavior as in Box : 2 steps for the first login with a device, and then only one step if I re-use this device ?
-
Hi Claire,
If you enable 2-factor authentication, then every time you authenticate, you should be forced to do two-factor. It's possible that in your enterprise you're using a third party tool like Okta, that allows for setting advanced features on token expiry.
With that said, you should only be forced to authenticate if you are not already authenticated to Box. The OAuth flow should be only the authorization step. Once authorized, your app will be passed tokens that can be used for subsequent calls.
To learn more about the overall flow, check out:
https://box-content.readme.io/docs/oauth-20
Let me know if this clears thing up, or if there is still something we can help with.
Ross
-
I don't understand your reply : the 2nd step of the authentication (code sent by text message to my phone) depends of the device used.
My question is not about token expiry, or forced authentication.
For example, on Box website :
1. I log in using a device for the first time, the 2nd step will be activated : I will receive a text message to confirm my authentication.
2. I log out.
3. I log in a 2nd time from this same device : I only need to fill in my login/password, the 2nd step won't be activated.
It is this behavior that I would expect when I use the Content API to authenticate a Box user.
-
Box managed to get the wrong phone number recorded so i cannot access the two step authentication because the text message does not come to me. I am effectively locked out of all the developer activities just when we need to work fast. I cannot find anywhere to access the Box admin and change this phone number. Please help ASAP.
-
Hi
If you are truly locked out, you should contact Box Support to help you directly or visit this page for other support options.
If you still have admin access to the access to the account, you may be able to adjust the user profile settings in Users and Groups though the "Log in as this account" feature described in the Admin Console Guide.
If you can access the Admin Console but need additional help, please reply back with the exact steps you have taken to help the community to figure this out with you.
Please sign in to leave a comment.
Comments
4 comments