Authenticate a user - web app integration

How am I suppose to authenticate the request from box (the client callback), The only thing I can get from it is the auth_code and the user_id, which I can use to authenticate the user by requesting the access_token and then verify that the access_token and user_id are connected. I then save the token and the user_id on my server, however next time, how can I can I verify the user_id without having to ask for a new access_token? doing that ends up creating a new "connection" which shows up in the security as the app having access to two sessions (access_tokens).