Using multiple access tokens in one Box appliction for a unique "AccessTokenCacheKey"

The App User access token is valid for one hour, unless a new token is requested and used.

If a new token is requested but not used, the old token is still valid (assuming it less than one hour old). If a new token is requested and used, the old token will be invalidated.

Thanks for replying. As long as I checked, Box platform is possible to provide multiple access tokens for one AppUser.

 That is impossible in standard Box OAuth2 application which provides a pair of access token and refresh token. Once a refresh token is used, new access token is provided then the access token is used by app, old access token became expired.  However, even if I request new access token for the AppUser for whom I already requested an access token, these two access tokens are active and I was able to use both. So, it is possible to have multiple access tokens concurrently for one AppUser in Box Platform.

 So, I had the question to have multiple access tokens for one AppUser and if there is any benefit to do it.

My earlier reply was incorrect. Sorry for the confusion!

The results you are seeing is the expected behavior. Here are some notes about the App User access token from our PM team:

• You can generate as many App User access tokens as needed.
• Each token is independent and has its own expiration of 60 minutes.
• This lets you have different tokens for different clients.

Thanks!  It looks multiple access tokens generated are intended to be used in different clients. So I may not need to cache multiple access tokens for one AppUser on one client, but it is enough to use one access token.

>Each token is independent and has its own expiration of 60 minutes.

Is this flow valid for standard users access tokens as well? Or are they invalidated when the new one is used? 

I've seen multiple opposite explanations on forums, but no official docs about it.