Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

.NET SDK -- Where is my refresh token?

Answered
New post

Comments

5 comments

  • Murtza

     Since you are authenticating with JWT, not getting a refresh token is expected. I'll explain in more detail below. 

     

    We have two main authentication types: OAuth2 and JWT 

    • With OAuth2, when you request a new API token you get an access token that expires in 60 minutes and a refresh token that expires in 60 days. The refresh token can only be used once to get a new access token, and when you use the refresh token our API will send back a new refresh token.
    • With JWT, there is no refresh token to manage. You use your existing JWT credentials to get a new access token. This gives your application persistent access to the Box enterprise that authorized your application. 

    Please let me know if that answers your question? 

    0
    Comment actions Permalink
  • rbratton

    That sounds like what I wanted to hear.  Thanks!

    0
    Comment actions Permalink
  • Sparks260

    Hi

     

    I created a JWT using the Developer dashboard for my Box enterprise application.  Are you saying, that my client application can use this JWT forever to call my Box application?  There is no need to ever generate a new JWT and then update my client application use it?

     

    Chuck

     

    0
    Comment actions Permalink
  • Murtza

     Your application's JWT credentials (client id, client secret, enterprise id, public/private key pair) do not expire. However, the access token that you generate with your JWT credentials expires after one hour.

    0
    Comment actions Permalink
  • Sparks260

    So do I refresh the access token, our just reauthenticate? If refresh, how do I do that?

    0
    Comment actions Permalink

Please sign in to leave a comment.