Skip to main content

Is there a way to eliminate the grant access page if a user is already given access to the app? Or is there any other type of custom app I can use for this purpose?


My requirement is just to verify that the visitor is an actual box user or not.



Once the user grants we store the tokens and refreshs the token before the expiry of the refresh token.



A similar way where users can log in with Google. And access grant is asked only first time.

Hi @MBenny



I’m not sure what your question is Beeny.



You’re describing the normal behavior for a Box OAuth 2.0 app.



So the first time the user authorizes the app.



In that process your app gets an access token and a refresh token, valid for 60 minutes and 60 days. You should store these tokens somewhere safe.



The second time, your app needs to get the tokens from before.



If the access token is still valid (< 60 minutes) then just use that.



If not, but the refresh token is still valid (<60 days), then use that token to get a new access token. Your app will also get a fresh new refresh token. Store these again, and use the access token



If your refresh token is expired, your app needs to go through the authorization process again.



Not sure if python is your things, but here is a sample app template that implement OAuth:





Let us know if this helps.


Reply