Box token based authentication
I am trying to use Box's token-based authentication, and it seems like it's more complicated than what other SaaS applications do. I am just not sure why my user has to manually type in login user/password for the first time and grant access to Box. It only needs to be done once, but still, every time I restart my server, the user needs to log in and grant again. Also, if the user's password expires, it starts failing. If the user has to log in using username/password and grant, then why is it called token-based authentication?
Can someone please explain if I am doing anything wrong? Or is this how Box does their TBA?
thanks
-Samir
-
Hi Setu01,
You do need to save your tokens in some kind of file, Keychain or registry, so that you can get access to those tokens again later when the app restarts. Even after the access token expires, you can still read the refresh token and request new tokens and save the new tokens again.
So, during the next cycle, read the tokens first and check if they are valid; if yes, call the APIs. If the tokens are not valid, the user should log in again. The tokens will never expire if you make at least 1 API call in 60 days, because the RT lasts 60 days. Or else, what you can do is make the app refresh a new token once every time the app restarts; that will assure you there will always be a valid token during the program run time.
And the same applies for a username/password change. The tokens will still work even if you change the password, even though it's a good idea to request a new token in case of a password change.
Hope this helps.
thanks,
Bibek
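
The save, reload and refresh cycle described in the answer above, as an added example that is not part of the original thread or Box's own code. `refresh_fn` is a hypothetical callable that would send the stored refresh token to the OAuth2 token endpoint and return its JSON; the file layout and the `access_expires_at` / `refresh_issued_at` fields are assumptions.

```python
import json, os, tempfile, time

REFRESH_LIFETIME = 60 * 24 * 3600  # refresh token lifetime given in the answer: 60 days

class LoginRequired(Exception):
    """No usable token is stored; the user must log in and grant access again."""

def save_tokens(path, tokens):
    # mkstemp creates the file readable/writable by the owner only; the atomic
    # rename means a crash never leaves a half-written or wider-permission file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:
        json.dump(tokens, f)
    os.replace(tmp, path)

def load_tokens(path):
    try:
        with open(path) as f:
            return json.load(f)
    except (FileNotFoundError, ValueError):
        raise LoginRequired("no stored tokens")

def get_access_token(path, refresh_fn, now=None):
    """Return a valid access token, refreshing and re-saving when needed."""
    now = time.time() if now is None else now
    t = load_tokens(path)
    if now < t["access_expires_at"] - 60:        # still valid, 60 s safety margin
        return t["access_token"]
    if now >= t["refresh_issued_at"] + REFRESH_LIFETIME:
        raise LoginRequired("refresh token expired")
    # refresh_fn is hypothetical; assumed to return the token endpoint's JSON
    # with access_token, refresh_token and expires_in (seconds).
    new = refresh_fn(t["refresh_token"])
    # Persist before use so a restart right after this call still has the
    # newest refresh token on disk.
    save_tokens(path, {
        "access_token": new["access_token"],
        "refresh_token": new["refresh_token"],
        "access_expires_at": now + new["expires_in"],
        "refresh_issued_at": now,
    })
    return new["access_token"]
```

Catch `LoginRequired` at startup and send the user through the login and grant screen only in that case.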