
Hi!



I have a question about Box’s OAuth2.


How many refresh tokens can be obtained simultaneously per client ID for Box?



For instance, Google allows up to 100 refresh tokens to be obtained for one Client ID.



There is currently a limit of 100 refresh tokens per Google Account per OAuth 2.0 client ID. If the limit is reached, creating a new refresh token automatically invalidates the oldest refresh token without warning. This limit does not apply to service accounts.



Hi @Yun, welcome to the forum!!!



Interesting question. Per client id, I don’t think there is a limit.



However, per client id and user id, the limit is 1.



This means a refresh token can only be used once, and you get a new refresh token for that user and client id.



To avoid concurrency issues, if the same refresh token is used more than one time during a certain time period, your app gets the same new access and refresh token.



I don’t remember exactly how long the period is but consider it to be seconds.



Let us know if this helps.



Cheers


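The single-use rotation described in the reply above, sketched as an added example that is not part of the original thread and is not Box's code. `FakeTokenEndpoint`, `TokenManager` and the 5-second grace window are constructed assumptions (the reply only says "seconds"); the point is that a client should serialize refreshes and store the rotated pair, so a consumed refresh token is never presented after the window closes.

```python
import secrets
import threading
import time


class FakeTokenEndpoint:
    """Constructed stand-in for a token endpoint that rotates refresh tokens."""

    def __init__(self, first_refresh_token, grace_seconds=5.0):
        self.grace = grace_seconds        # assumed value; the reply only says "seconds"
        self.current = first_refresh_token
        self.last = None                  # (used token, pair issued for it, time)
        self.rotations = 0

    def refresh(self, refresh_token, now=None):
        now = time.monotonic() if now is None else now
        if refresh_token == self.current:
            pair = {"access_token": secrets.token_hex(8),
                    "refresh_token": secrets.token_hex(8)}
            self.last = (refresh_token, pair, now)
            self.current = pair["refresh_token"]
            self.rotations += 1
            return pair
        if self.last and refresh_token == self.last[0] and now - self.last[2] <= self.grace:
            return self.last[1]           # replay inside the window: same pair again
        raise PermissionError("invalid_grant")


class TokenManager:
    """Client side: serialize refreshes and store the rotated pair before returning."""

    def __init__(self, endpoint, refresh_token):
        self.endpoint = endpoint
        self.lock = threading.Lock()
        self.tokens = {"access_token": None, "refresh_token": refresh_token}

    def refresh(self, stale_access_token):
        with self.lock:
            # If another thread already rotated, reuse its result instead of
            # presenting a refresh token that has been consumed.
            if self.tokens["access_token"] == stale_access_token:
                self.tokens = self.endpoint.refresh(self.tokens["refresh_token"])
            return self.tokens
```

Callers pass the access token they saw fail; if it no longer matches the stored one, a sibling thread has already refreshed and its pair is returned without another round trip.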