Welcome to the new Box Support website. Check out all the details here on what’s changed.

.NET SDK Refresh Token doesn't appear to refresh

New post

Comments

6 comments

  • mwiller

    Hi  — I'm Matt, and my team maintains the .NET SDK so I'm happy to help you try and get to the bottom of this issue!  The SDK definitely should be refreshing the tokens automatically for you here.  In general, a `BoxSessionInvalidatedException` gets thrown when the token refresh that the SDK attempts automatically fails for some reason.  A status code of 400 would indicate that something was wrong with the request that the SDK made — some possible causes are listed in the Authentication with OAuth guide.  Since the access token is working fine for an hour, I would guess that the original token information your application got is fine.  That also means that your client ID and client secret values are probably fine too, otherwise you wouldn't have been able to exchange the auth code for the tokens in the first place.  I just tested the current version of the SDK with my own auth code, and it seems to be working fine for me at least.  So, with all that in mind, I'm not totally sure what might be the issue here.  Here are a couple questions to try to help me figure out what might be wrong:

     

    1. What version of the .NET SDK are you using?  I only tested against the latest version, so if you're using an earlier version, maybe there's some old bug in it.

    2. I'm not familiar at all with VB.NET, but when I looked over your code I was a bit confused about what `strRefreshToken = auth.RefreshToken.ToString` was doing — in C# that wouldn't be a legal thing to do since it doesn't call the function but would be trying to assign the method itself to the variable.  I'm actually not sure why you need to the `.ToString` at all — the AccessToken and RefreshToken properties are already strings.  If you remove the .ToString from those, does it help the issue at all?

    0
    Comment actions Permalink
  • cbass

    Hello Matt,

     

    Thank you for your response.  I am using the latest version of the .NET SDK available from nuget which appears to be version 1. I'll download the latest from GitHub and see if that fixes this particular issue.

     

    To answer your other question, all I'm doing with strAccessToken = auth.AccessToken.ToString is assigning it to the variable which happens to be a string. The ToString just makes sure you get a string variable which is probably redundant in this case but I always try to use just in case.

     

    I'll report back with my result from updating the SDK. Thanks for the hint with that. I just assumed version 2 would be pulled from nuget but was obviously wrong.

     

    Thanks,

     

    Eric

    0
    Comment actions Permalink
  • cbass

    Matt,

    Actually I was running V2 of the SDK. The assembly version read as version 1.0.0.0. The runtime version reads as v4.0.30319 but the actual name/identity is Box.V2 which was the same as what I downloaded from GitHub. I did try the GitHub version anyway just to see what would happen and unfortunately I get the same error. But this time I'm able to step into Box SDK and see the access token getting the unauthorized response in which it then try's to use the refresh token. But it gets this response back.

     

    response = {StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
    {
    Cache-Control: no-store
    Connection: keep-alive
    Date: Thu, 22 Mar 2018 18:02:04 GMT
    Age: 0
    Set-Cookie: box_visitor_id=5ab3ef9c92ae...

     

    But as I'm thinking about this, I must be doing something wrong. I think what happened was, and I'll test to confirm, but when the access token first expired I'm guessing the SDK did in fact get a new access/refresh token but within my app I'm not grabbing the new tokens and storing them. So my guess is it worked the first time after refresh but is failing each time afterwards.

     

    I'll test to confirm but this is what I think happened.

     

    Thanks,

     

    Eric

    0
    Comment actions Permalink
  • cbass

    Matt,

    So my theory was correct in that the refresh token does indeed refresh both access and refresh tokens. So the problem I created is that I'm not grabbing the newly refreshed tokens and storing them for retrieval on the next API/SDK call. So my question is when I run the below code and specifically the getfolderitemsasync is when my authorization gets called and checked. The tokens are refreshed but how do I get the newly created tokens to store them? 

     

    Dim auth = New OAuthSession(AccessToken, RefreshToken, 3600, "bearer")
    Dim config = New BoxConfig("XXXXXX", "XXXXXX", New Uri("https://localhost"))
    Dim client = New BoxClient(config, auth)

    Dim items As BoxCollection(Of BoxItem) = Await client.FoldersManager.GetFolderItemsAsync("0", 500)

     

    I'm waiting for my 60 minute access token to expire to test but I'm hoping that client.Auth.Session.AccessToken and client.Auth.Session.RefreshToken will give me the newly created tokens. I'll reply back with my results from there.

     

    Thanks,

     

    Eric

    0
    Comment actions Permalink
  • cbass

    Matt,

     

    So after letting the access token expire and testing by grabbing the newly created access and refresh tokens, I'm now able to refresh as expected. Thank you very much for getting me pointed in the right direction. Just needed a little hand holding there.

     

    I have another issue when trying to use uploadnewversionasync which I'm not sure if you can help me out with or not? Or if you prefer I create a new thread for it?

     

    Thanks,


    Eric

    0
    Comment actions Permalink
  • mwiller

     Glad you got it working! If you have another issue specifically with the SDK, the best place to get in touch with us is in the GitHub issues for the .NET SDK — my team monitors that regularly and tracks issues to ensure they're resolved.  We try to keep up with the Developer Forum as well, but it's easier for us to miss issues that relate to the SDKs if they're all mixed in with more general issues here.

    0
    Comment actions Permalink

Please sign in to leave a comment.