Box OAuth access token and refresh token- Standard practice

New post

May 23, 2018 05:48

Hello,

I am working on requirement where we have to access file from box and save it to some other application, Platform team has asked us to use OAuth 2.0 authentication (No JWT authentication). I am able to access box using OAuth Access token and refresh token. My question is,how can I make sure that my code will work after 60 days. I know that refresh token is valid for next 60 days. Can I create new access and refresh token from old token with each request? What is standard practice box suggests for this kind of requirement?

Thanks in advance,

Kiran

Comments

4 comments

DavidGrossi

June 05, 2018 11:52
Hi, I was wondering the same...
Any answer so far?
0

Comment actions Permalink
juicepuppy

October 07, 2018 17:07
Has anyone got an answer to this?

Can't find information on refreshing a token via API anywhere.
0

Comment actions Permalink
Kourtney

October 08, 2018 08:32
Hello all!

To answer the original question of:

"Can I create new access and refresh token from old token with each request?"

In short, No. Your code should prompt the user to start the oauth2 flow again if the refresh token is invalid!

Best,

Kourtney
0

Comment actions Permalink
ngcbassman

October 10, 2018 22:46
At least in the SDK .NET, the one that I'm using, there's a method call ExchangeRefreshToken with this:
/// Refresh token used to exchange for a new access token. Each refresh_token is valid for one use in 60 days. Every time you get a new access_token by using a refresh_token, we reset your timer for the 60 day period and hand you a new refresh_token

So it looks like there's a way to use the actual refresh token, to renew the 60 days and get a new refresh token using the old one.
But I'm confused now because the last post is coming from a person that works in the company and is saying there's no way to do this, so I don't know.
0

Comment actions Permalink

Please sign in to leave a comment.