Question

Removing app does not revoke refresh token

Forum|Forum|1 year ago
May 22, 2025
1 reply
15 views

community-manager
Box Employee

After removing a custom app from my user account, I can still use the refresh token and access everything. Essentially, removing an app does not revoke permissions. Why? This is a huge security concern.

C

community-manager
Author
Box Employee
Forum|Forum|1 year ago
May 22, 2025

Hi,

Can you send me the client id of that application or the enterprise id the app is tied to? It looks like the account that posted this question is not tied to an enterprise.

Thanks,

Alex, Box Developer Advocate

Like

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded