Latest Java sdk and Oauth: are 'refresh' tokens refreshed automatically?

回答済み

フォローする

新規投稿

pgoldweic

• 2016年06月16日 12:43

Hi,

From reading the Javadocs I gather that, by obtaining an authorization code on behalf of a user (in my case an admin), then creating a BoxAPIConnection(clientid, clientSecret), and finally calling connection.authenticate(code), I will have obtained all the tokens that are necessary for making (at least immediate) API calls.

But, although the BoxAPIConnection does automatic 'access' token refreshes, what happens to the 'refresh' token (which normally would expire in 60 days). Can the connection be trusted to refresh this automatically too? (let's say that my app saves the stored connection state -using the sdk- and whenever it restarts, it creates a new connection restoring this saved state). Would be great if somebody could enlighten me on this, as I am not able to find any documentation on it (although I was able to see some hooks for refreshing a 'refresh' token in the deprecated APIs that used BoxClient and other classes, etc.). 

Thanks!

 

 

 

0

• 

  Murtza

  • 2016年06月16日 14:41

  The Java SDK does not automatically refresh tokens.

   

  Refresh tokens can't automatically be refreshed. When a refresh token expires, it’s the equivalent of being automatically logged out, so the user will need to go through the OAuth login flow again.

  0

  コメントアクション パーマリンク
• 

  kendomen

  • 2016年11月01日 23:50

  I've had to refresh the token if it needs refreshing like this...

   

  private static BoxAPIConnection getBoxAPIConnection(String client_id, String client_secret, String token, String refresh_token, String stateConfPath) {
  
          String state = null;
          try {
              logger.info("Getting state.conf: " + stateConfPath + "/state.conf");
              InputStream fis = new FileInputStream(stateConfPath + "/state.conf");
              InputStreamReader isr = new InputStreamReader(fis, Charset.forName("UTF-8"));
              BufferedReader br = new BufferedReader(isr);
              state = br.readLine();
          }
          catch (FileNotFoundException f) {
              try {
                  // create file if it doesn't exist
                  PrintWriter writer = new PrintWriter(stateConfPath + "/state.conf", "UTF-8");
                  writer.println("");
                  writer.close();
              }
              catch (Exception w) {
                  logger.fatal("Exception", w);
              }
          }
          catch (IOException e) {
              logger.fatal("IOException", e);
          }
  
          BoxAPIConnection api = null;
  
          //if (null == state || "".equals(state)) {
          if (!token.equals("") && !refresh_token.equals("")) {
              api = new BoxAPIConnection(client_id, client_secret, token, refresh_token);
          } else {
              logger.info("Restoring state..." + state);
              api = BoxAPIConnection.restore(client_id, client_secret, state);
              if (api.needsRefresh()) {  // this is not a reliable call.  It can still throw a 401 below
                  logger.info("api refreshing...");
                  api.refresh();
              }
              else {
                  logger.info("api good...");
              }
          }
  
          return api;
      }

  0

  コメントアクション パーマリンク

サインインしてコメントを残してください。