Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Box Status

Using multiple access tokens in one Box appliction for a unique "AccessTokenCacheKey"

Répondu
S’abonner
Nouvelle publication
takepon

I am making use of Box Java SDK for creating my box application. In Box platform (BoxDeveloperEditionAPIConnection), do we have any merit to use more than two access tokens for a unique "AccessTokenCacheKey"?

 

In InMemoryLRUAccessTokenCache implementation, only one active access token is cached for the unique key. Does that mean, using multiple access tokens for one AppUser in the same application are meaningless in Box platform?  For example, Is API call limitation (1 sec window and 24 hours window) applied to not a unit of access token but a unit of AppUser?

 

If there is any merit to use multiple access tokens for one AppUser, I am thinking to create own cache implementation so any information would be appreciated.

0

Commentaires

5 commentaires

Date Votes
  • Murtza

    The App User access token is valid for one hour, unless a new token is requested and used.

     

    If a new token is requested but not used, the old token is still valid (assuming it less than one hour old). If a new token is requested and used, the old token will be invalidated.

    0
    Actions pour les commentaires Permalien
  • takepon

    Thanks for replying. As long as I checked, Box platform is possible to provide multiple access tokens for one AppUser.

     That is impossible in standard Box OAuth2 application which provides a pair of access token and refresh token. Once a refresh token is used, new access token is provided then the access token is used by app, old access token became expired.  However, even if I request new access token for the AppUser for whom I already requested an access token, these two access tokens are active and I was able to use both. So, it is possible to have multiple access tokens concurrently for one AppUser in Box Platform.

     So, I had the question to have multiple access tokens for one AppUser and if there is any benefit to do it.

    0
    Actions pour les commentaires Permalien
  • Murtza

    My earlier reply was incorrect. Sorry for the confusion!

     

    The results you are seeing is the expected behavior. Here are some notes about the App User access token from our PM team:

    • You can generate as many App User access tokens as needed.
    • Each token is independent and has its own expiration of 60 minutes.
    • This lets you have different tokens for different clients.

     

    0
    Actions pour les commentaires Permalien
  • takepon

    Thanks!  It looks multiple access tokens generated are intended to be used in different clients. So I may not need to cache multiple access tokens for one AppUser on one client, but it is enough to use one access token.

    0
    Actions pour les commentaires Permalien
  • adoprog

    >Each token is independent and has its own expiration of 60 minutes.

    Is this flow valid for standard users access tokens as well? Or are they invalidated when the new one is used? 

    I've seen multiple opposite explanations on forums, but no official docs about it.

    0
    Actions pour les commentaires Permalien

Vous devez vous connecter pour laisser un commentaire.