I was testing JWT authentication using my sample console app and at some point I realized that my access tokens are not being expired. I thought they should expire after 60 minutes.
For my surprise, later I discovered that I can pass ANY text as token and it still works. Is it because my app is created within the same Enterprise it tries to access? Why it works with any string?
// Read the config with client id, secret, public/private keys from the JSON file
using (var configStream = File.OpenRead(configJsonPath))
config = BoxConfig.CreateFromJsonFile(configStream);
// Authentication code
xJWTAuth boxJwtAuth = new BoxJWTAuth(config);
//string adminToken = boxJwtAuth.AdminToken(); // COMMENTED OUT!
string adminToken = "ANY STRING"; // WHY THIS WORKS?
// Retreive the list of users - works!
BoxClient adminClient = boxJwtAuth.AdminClient(adminToken);
BoxCollection<BoxUser> boxUsers = adminClient.UsersManager.GetEnterpriseUsersAsync().Result;