Welcome to the new Box Support website. Check out all the details here on what’s changed.

With JWT authentication any token grabs data from my Enterprise account

New post


1 comment

  • Ahmed Salem

    I dug sources and at this point it seems to me that SDK itself takes care of getting the token if you pass a wrong token.

    if (boxResponse2.Status == ResponseStatus.Unauthorized)
    boxResponse2 = await this.RetryExpiredTokenRequest<T>(request).ConfigureAwait(false);

    RetryExpiredTokenRequest method seems to get the token for me.
    Does it mean that if we grab a token once and do not update it for the lifetime of the application

    1. My old token will work forever if I'll use SDK methods.
    2. My old token will work as designed for the first 60 minutes.
    3. After 60 minutes everytime we will make a request with the old token, we will end up with doing 2 requests - first request will fail, SDK will grab a fresh token for each request and make another retry.

    Dear Box Team can you confirm if my assumption is correct?

    Comment actions Permalink

Please sign in to leave a comment.