Skip to main content
Solved

How to invalidate a downscoped token generated by SDK?


The generate downscoped token is valid for almost one hour. Let’s say i want to invalidate token after 20 minutes(Logout usecase).


I am getting the following error,

The API returned an error code

{“error”:“invalid_request”,“error_description”:“The client is invalid”}


The following specified code is not working.

box-java-sdk/doc/authentication.md at main · box/box-java-sdk · GitHub


Is there any other way, we can achieve this functionality ?

Best answer by kberdychowski Box

Hello,


I’m only guessing, as there is no code sample provided, that client used to revoke token was created without setting clientId and clientSecret. If you configure that all should work as expected:


public class DownscopedToken {

  public static void main(String[] args) {

    var api = ... // create your API connection



    List<String> scopes = new ArrayList<String>();

    scopes.add("item_preview");

    var downscopedToken = api.getLowerScopedToken(scopes, "https://api.box.com/2.0/folders/0");



    // is you just use new BoxAPIConnection(downscopedToken.getAccessToken()) this will fails with `invalid_request - The client is invalid`

    var downscopedApiConnection = new BoxAPIConnection(api.getClientID(), api.getClientSecret(), downscopedToken.getAccessToken(), null);

    downscopedApiConnection.revokeToken();

  // success token is invalid

  }

}

View original
Did this topic help you find an answer to your question?

2 replies

kberdychowski Box

Hello,


I’m only guessing, as there is no code sample provided, that client used to revoke token was created without setting clientId and clientSecret. If you configure that all should work as expected:


public class DownscopedToken {

  public static void main(String[] args) {

    var api = ... // create your API connection



    List<String> scopes = new ArrayList<String>();

    scopes.add("item_preview");

    var downscopedToken = api.getLowerScopedToken(scopes, "https://api.box.com/2.0/folders/0");



    // is you just use new BoxAPIConnection(downscopedToken.getAccessToken()) this will fails with `invalid_request - The client is invalid`

    var downscopedApiConnection = new BoxAPIConnection(api.getClientID(), api.getClientSecret(), downscopedToken.getAccessToken(), null);

    downscopedApiConnection.revokeToken();

  // success token is invalid

  }

}


  • Author
  • Known Participant
  • 22 replies
  • August 2, 2023

HI @kberdychowski, Thanks for the snippet. It is working fine.


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings