Skip to main content

How many refresh tokens can be obtained simultaneously per client ID for Box?

  • August 18, 2023
  • 1 reply
  • 234 views
How many refresh tokens can be obtained simultaneously per client ID for Box?
  • New Participant

Hi!


I have a question about Box’s OAuth2.

How many refresh tokens can be obtained simultaneously per client ID for Box?


For instance, GOOGLE allows up to 100 refresh tokens to be obtained for one Client ID.


There is currently a limit of 100 refresh tokens per Google Account per OAuth 2.0 client ID. If the limit is reached, creating a new refresh token automatically invalidates the oldest refresh token without warning. This limit does not apply to service accounts


Did this topic help you find an answer to your question?

1 reply

rbarbosa Box
  • Developer Advocate
  • 553 replies
  • August 22, 2023

Hi @Yun , welcome to the forum!!!


Interesting question, per client id I don’t think there is a limit.


However per client id and user id the limit is 1.


This means a refresh token can only be used once, and you get a new refresh token for that user and client id.


To avoid concurrency issues if the same refresh token is used more than one time during a certain time period your app gets the same new access and refresh token.


I don’t remember exactly how long the period is but consider it to be seconds.


Let us know if this helps.


Cheers


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings