Can't Get Parent of Collaboration File After Token Refresh

回答済み
新規投稿

コメント

2件のコメント

  • jmoldow_box

    There is definitely something that isn't right here. The refreshed access token should have the same scopes as the original access token. And if a user is collaborated on a folder F, then it should be able to see that folder as the parent folder when querying any of its children.

     

    Here's some things to try / questions to answer:

    • Before and after the refresh, can you make an API call for /users/me, to check that the user is the same before and after the refresh?
    • Can you tell why the SDK is doing a refresh? The access token is supposed to be good for an hour.
    • After the refresh, can you do an API query to get the list of items in your root folder? If the path_collection is indeed empty, you should see the file in your root folder, you shouldn't be able to see the parent folders.
    • After the refresh, can you query the parent folder by its id? Can you see it, or do you get a 404? If you can see it, what happens if you query its list of items? Can you see the file?
    • What happens if you do the token refresh via curl? Using the new access token you got from curl, does the same problem occur?
    0
    コメントアクション パーマリンク
  • LucidStephen

    Before and after the refresh, can you make an API call for /users/me, to check that the user is the same before and after the refresh?

     

    I get identical JSON responses before and after the refresh.

     

    Can you tell why the SDK is doing a refresh? The access token is supposed to be good for an hour.

     

    In my experience, the Java SDK refreshes my token on the first request performed by a BoxAPIConnection object, no matter what. I strongly suspect this is a bug in the SDK, but I haven't had time to investigate the root cause yet.

     

    After the refresh, can you do an API query to get the list of items in your root folder? If the path_collection is indeed empty, you should see the file in your root folder, you shouldn't be able to see the parent folders.

     

    I can with the original token, but not with the refreshed token. I get a 403 with this error header:

    WWW-Authenticate: Bearer realm="Service", error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."

     

    This was a very revealing question. I think I found the root cause of my problem now. I recently modified the web action on my app to have Box provide an auth code query string parameter. I use this auth code to verify that I received an authentic Box request by exchanging it for a new access token. Apparently that token has very limited access to a user's data. I was accidentally overwriting the token I had stored in the database on my end with this new, limited access token, and this is why I was getting my original error.

     

    It may be interesting to note that, even after fixing this bug in my system, I am still observing the buggy SDK behavior where it refreshes my token long before it needs to. However, now, the newly-refreshed token has all of the scopes it should.

    0
    コメントアクション パーマリンク

サインインしてコメントを残してください。