Welcome to the new Box Support website. Check out all the details here on what’s changed.

Latest Java sdk and Oauth: are 'refresh' tokens refreshed automatically?

Answered
New post

Comments

2 comments

  • Murtza

    The Java SDK does not automatically refresh tokens.

     

    Refresh tokens can't automatically be refreshed. When a refresh token expires, it’s the equivalent of being automatically logged out, so the user will need to go through the OAuth login flow again.

    0
    Comment actions Permalink
  • kendomen

    I've had to refresh the token if it needs refreshing like this...

     

    private static BoxAPIConnection getBoxAPIConnection(String client_id, String client_secret, String token, String refresh_token, String stateConfPath) {
    
            String state = null;
            try {
                logger.info("Getting state.conf: " + stateConfPath + "/state.conf");
                InputStream fis = new FileInputStream(stateConfPath + "/state.conf");
                InputStreamReader isr = new InputStreamReader(fis, Charset.forName("UTF-8"));
                BufferedReader br = new BufferedReader(isr);
                state = br.readLine();
            }
            catch (FileNotFoundException f) {
                try {
                    // create file if it doesn't exist
                    PrintWriter writer = new PrintWriter(stateConfPath + "/state.conf", "UTF-8");
                    writer.println("");
                    writer.close();
                }
                catch (Exception w) {
                    logger.fatal("Exception", w);
                }
            }
            catch (IOException e) {
                logger.fatal("IOException", e);
            }
    
            BoxAPIConnection api = null;
    
            //if (null == state || "".equals(state)) {
            if (!token.equals("") && !refresh_token.equals("")) {
                api = new BoxAPIConnection(client_id, client_secret, token, refresh_token);
            } else {
                logger.info("Restoring state..." + state);
                api = BoxAPIConnection.restore(client_id, client_secret, state);
                if (api.needsRefresh()) {  // this is not a reliable call.  It can still throw a 401 below
                    logger.info("api refreshing...");
                    api.refresh();
                }
                else {
                    logger.info("api good...");
                }
            }
    
            return api;
        }
    0
    Comment actions Permalink

Please sign in to leave a comment.