Welcome to the new Box Support website. Check out all the details here on what’s changed.

Box Status

Box is asking "grant access" page everytime user log-in with box

Answered
Follow
New post
Jagdeep Singh

I have integrated Box OAuth with my application so that users can log in with Box. It's working fine.

But Box is asking "Grant access to Box" every time when user log-in.

My expectation is it should ask only once when the user log-in for the first time. (like Google, Facebook, Office365 does)

Please help how to avoid grant access every time?

0

Comments

2 comments

Date Votes
  • Official comment
    jcleblanc

    Hi Jagdeep,

    Typically the flow for OAuth 2 would be like so:

    1. The user comes to your app for the first time, you forward them to Box to log in and grant permission to the application.
    2. The user is forwarded back to your app. Your app would create an access token for that user, which is in turn used to make API calls on behalf of that user.
    3. When the user comes to your app in the future you either use that existing token (if still valid) or make a call to refresh the token (if expired) rather than sending them to the login screen. You will need to store the access token for the user in #2 to do this.

    My guess here is that you're forwarding the user to Box to log in / grant app permissions rather than using the existing access token you have stored for the user. You will need to store the access token (securely) when they first log in and then set up the ability to refresh the token if it expires, which allows you to not have to send them through the login flow again. The login flow doesn't store tokens for the users itself. If my assumptions are not correct please send by some additional details and we can dig in.

    Thanks,

    Jon

    Comment actions Permalink
  • Jagdeep Singh

    Hi Jon,

    Thanks for your response. I understand what you explained about OAuth 2.

    But here my requirement is just to verify that the visitor is an actual box user or not.  And I don't want to store/use the user's access token.

    So, is there a way to eliminate the grant access page if a user is already given access to the app? Or is there any other type of custom app I can use for this purpose?

    A similar way where users can log in with Google. And access grant is asked only first time.

     

     

     

    0
    Comment actions Permalink

Please sign in to leave a comment.