1 comment

  • jcleblanc

    Hi ,


    All tokens within Box (access tokens, developer tokens, downscoped tokens) have a 1 hour expiration time, which is done for security to prevent long-lived tokens from floating around.


    Access tokens, which they expire after an hour, can be perpetually refreshed using the refresh token, meaning that if the access token expires you can fetch a new valid one without having to go through the entire auth flow again.


    I can't speak to how rclone implemented the Box auth, but the above is basically how our systems work. If the token simply expires after an hour then more than likely they're not refreshing the token.


    - Jon

    Comment actions Permalink

Please sign in to leave a comment.