Box Status

JWT and Token Refresh

Follow
New post
roncraig007

 

Wow. I've spent the better part of a day and just stumbled across this critical nugget -- when using JWT authentication, you will not get a refresh token.  Okay. That explains why my token store never has one.

The token will expire, though, in about 60 minutes.

 

My program will run indefinitely. It will awake once each day to see if there are files to move. I can assume, it seems, that my access token will be expired each time I awake.  What's the best approach to take here?

 

I think I can:

a) write a lot of code to check for 401 errors and then call authenticate_app_user(my_app_user) again, or

b) each time I awake, just go ahead and make the authenticate_app_user call again. 

 

It appears there's no way or reason to try and refresh since there are no refresh tokens issued.

 

I'm in Python, and called these eight methods:

#2 bugs me because my employer will not whitelist an app that needs enterprise access. Not sure if this call is needed or would mean the app needs enterprise access.

#6 I use None for login and set is_platform_access_only. I think that is correct for this utility.

#7 I intend my program to copy files to a folder that is owned by a normal user, who will set my App User as a collaborator. Figuring out how to find that normal user's folder is my next challenge. Perhaps it will be simpler to programmatically add a list of regular users as collaborators to my App User's folder instead. Hmmm...

#8 This appears to generate a second token (#2 generated the first one).  I'm thinking I just call this each time I wake up.

 

Suggestions are very welcome.

 

    # Configure JWT auth object
    auth = JWTAuth.from_settings_file(                                    # [1]
                    APP_CONFIG_FILE,
                    store_tokens = tokens_changed)
    print_attributes(auth)
    
    # Get access token  (likely unnecessary?? )
    access_token = auth.authenticate_instance()                           # [2]
    print "\nAccess Token: {}\n".format( access_token )
    
    # Get auth client
    client = Client(auth)                                                 # [3]
    print_attributes(client)

    # Shows that client can access my spuriously created app users    
    users = client.users()                                                # [4]
    for u in users:
        print "User: {}".format( u )
    
    # Establish App User from file or create and save a default one
    user=None
    try:
        with open(APP_USER_CONFIG_FILE,'r') as fp:
            user_cfg = json.load(fp)
    except ...
        print "No app user configured."
    else:
        fp.close()
        print "App User config: {}".format(pretty(user_cfg))
        user = client.user(                                               # [5]
                     user_id=user_cfg['user_id']).get()
    
    if not user:
        # When creating an App User, 2nd parm is login=None
        print "Creating a new App User..."
        user = client.create_user(                                        # [6]
                      DEFAULT_USER['user_name'], 
                      None,
                      is_platform_access_only=True,
                      space_amount=DEFAULT_USER['space_amount'])
    user_cfg = ...
    if user_cfg:
        with open(APP_USER_CONFIG_FILE,'w') as fp:
            json.dump(user_cfg, fp)
            fp.close()
            print "User Config updated"
    
    print_attributes(user)
    
    root_folder = client.root_folder()                                 # [7]
    print "\nRoot Folder: {}".format( pretty( root_folder ))
    
    # Authenticate this App User
    access_token = auth.authenticate_app_user(user.id)                 # [8]
    print "\nAccess Token: {}\n".format( access_token )

 

0

Comments

0 comments

Please sign in to leave a comment.