Need to re-login credentials even though cookies are saved
Hi,
We are developing an app which allows users to sign in (using OAuth) to Box to access their files. I noticed that the user has to keep entering login credentials (at account.box.com) everytime they initiate a Box request. I see the cookies being saved in my browser. My app also allows users to log in to Google Drive, Dropbox, OneDrive, etc. and those cookies are working as expected i.e the user gets re-directed directly to the app.box.com equivalent link with Allow/Deny Access buttons. I was hoping to get some guidance on what I might be missing for Box.
I tried doing this outside the app and can repro this issue:
1) I tried browsing to:
https://account.box.com/api/oauth2/authorize?client_id=&redirect_uri=&state=&response_type=code
and logged in using my credentials
2) I opened another tab and browsed to this same URL
3) I had to relogin by entering my username and password.
When I tried to do that same with other Cloud Storage providers (e.g. Google Drive), I was redirected to Allow/Deny step directly in (3).
Thanks in advance!
-
I think the issue is relying on the cookie for this integration. You will need to implement these steps to create persistent API access to the user's account:
- Grab the authorization code during the redirect
- Use the authorization code to generate an access token to get the user's files in Box. The access token is valid for an hour.
- Every call to request an access token will also return a refresh token. You will use the refresh token to generate another access token. The refresh token is valid for 60 days and can only be used once.
Please sign in to leave a comment.
Comments
1 comment