Skip to main content
Question

Box OAuth access token and refresh token- Standard practice

  • May 22, 2025
  • 4 replies
  • 60 views
C
Forum|alt.badge.img

Hello, 

I am working on requirement where we have to access file from box and save it to some other application, Platform team has asked us to use OAuth 2.0 authentication (No JWT authentication). I am able to access box using OAuth Access token and refresh token. My question is,how can I make sure that my code will work after 60 days. I know that refresh token is valid for next 60 days. Can I create new access and refresh token from old token with each request? What is standard practice box suggests for this kind of requirement? 

 

Thanks in advance,

Kiran 

    4 replies

    C
    Forum|alt.badge.img

    Hi, I was wondering the same...

    Any answer so far?

    C
    Forum|alt.badge.img

    Has anyone got an answer to this?

     

    Can't find information on refreshing a token via API anywhere.

    C
    Forum|alt.badge.img

    Hello all! 

     

    To answer the original question of: 

     

    "Can I create new access and refresh token from old token with each request?" 

     

    In short, No. Your code should prompt the user to start the oauth2 flow again if the refresh token is invalid! 

     

    Best, 

    Kourtney 

     

     

     

    C
    Forum|alt.badge.img

    At least in the SDK .NET, the one that I'm using, there's a method call ExchangeRefreshToken with this:
    /// Refresh token used to exchange for a new access token. Each refresh_token is valid for one use in 60 days. Every time you get a new access_token by using a refresh_token, we reset your timer for the 60 day period and hand you a new refresh_token

    So it looks like there's a way to use the actual refresh token, to renew the 60 days and get a new refresh token using the old one.
    But I'm confused now because the last post is coming from a person that works in the company and is saying there's no way to do this, so I don't know.

    Terms of ServiceAccessibility statement