Occasional Contributor
Posts: 5

node.js SDK - basic authentication questions

I'm fairly new to node.js, and very new to OAuth2, so my apologies if this is unbelievably basic...


I'm trying to make sense of the node.js authentication documentation, and I'm getting hung up on a couple of things.

  1. In the example for normal authentication is this line:
    var TokenStore = require('TOKEN-STORE-IMPLEMENTATION');

    What "TOKEN-STORE-IMPLEMENTATION" is recommended? What are the possibilities? What are the requirements for a token store implementation? How would I find a compatible token store implementation?

  2. In the same section is this line:
    sdk.getTokensAuthorizationCodeGrant('YOUR-AUTH-CODE', null, function(err, tokenInfo) {
    What is "YOUR-AUTH-CODE"? Is that something configured on my Box application that I need to make sure matches between my code and the configuration? Is that something dynamically generated (and if so, what should I do with it)?

Thanks very much!

Occasional Contributor
Posts: 5

Re: node.js SDK - basic authentication questions

Note: I did find the example implementation of token store, so that answers part of question 1 (what are the requirements of a token store implementation), but it doesn't answer what production-ready token store implementations are out there.

Posts: 26

Re: node.js SDK - basic authentication questions

This isn't particularly pretty, or complete, code, but it might give you somewhere to start.  This is a simple example where the access and refresh tokens are stored in a JSON file (this is for a single server-side batch process).  I primarily program in Python, so I have a standalone utility that handles the initial Box authorization and generates the tokens.  It normally puts them directly into Windows Credential Manager, but, for JavaScript, I'll just copy-and-paste into the JSON file.  Unfortunately, I don't currently have any JavaScript that helps with the first-time token generation, but I'll be happy to share the Python code if you can use that instead.


For the sample below, you'll need an existing "boxTokens.json" file that looks like this:




"blahblahblah" represents the access and refresh tokens you'll get from that first-time authorization process.  After you run the JavaScript, below, your JSON file will look like this:


{"accessToken":"UPDATED_ACCESS_TOKEN","refreshToken":"UPDATED_REFRESH_TOKEN","accessTokenTTLMS":3893000,"acquiredAtMS":removed for privacy1402}


var boxSDK = require('box-node-sdk');
var jsonfile = require('jsonfile');
var file = './boxTokens.json';

// Load the tokens saved by the previous run.
var tokensFile = jsonfile.readFileSync(file);

var sdk = new boxSDK({
    clientID: 'YOUR_CLIENT_ID',
    clientSecret: 'YOUR_CLIENT_SECRET'
});

// Exchange the stored refresh token for a new access/refresh token pair.
sdk.getTokensRefreshGrant(tokensFile.refreshToken, function(err, tokenInfo) {
    if (err) {
        throw err;
    }

    // Save the new tokens so the next run starts from a valid refresh token.
    jsonfile.writeFileSync(file, tokenInfo);

    var boxClient = sdk.getPersistentClient(tokenInfo);
    boxClient.users.get(boxClient.CURRENT_USER_ID, null, function(err, currentUser) {
        if (err) {
            throw err;
        }
        console.log('Hello, ' + currentUser.name + '!');
    });
});
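
An added example, not part of the original post or of the Box SDK: a file-backed token store for the question about token store requirements, assuming the SDK's token store contract of `read(callback)`, `write(tokenInfo, callback)` and `clear(callback)`. The class name `FileTokenStore` and the file path are hypothetical.

```javascript
const fs = require('fs');

// Hypothetical file-backed token store (assumed contract: read/write/clear).
// Tokens are bearer credentials, so the file is created owner-only (0600)
// and replaced atomically so a crash never leaves a half-written file.
class FileTokenStore {
  constructor(filePath) {
    this.filePath = filePath;
  }

  // Return the stored tokenInfo, or undefined when nothing is stored yet.
  read(callback) {
    fs.readFile(this.filePath, 'utf8', (err, data) => {
      if (err && err.code === 'ENOENT') return callback(null, undefined);
      if (err) return callback(err);
      let tokenInfo;
      try {
        tokenInfo = JSON.parse(data);
      } catch (parseErr) {
        return callback(parseErr);
      }
      callback(null, tokenInfo);
    });
  }

  // Persist the latest tokenInfo. The refresh token changes on every
  // refresh, so the newest pair must always overwrite the old one.
  write(tokenInfo, callback) {
    const tmp = this.filePath + '.' + process.pid + '.tmp';
    fs.writeFile(tmp, JSON.stringify(tokenInfo), { mode: 0o600 }, (err) => {
      if (err) return callback(err);
      fs.rename(tmp, this.filePath, callback);
    });
  }

  // Remove stored tokens (for example after revocation); a missing file is fine.
  clear(callback) {
    fs.unlink(this.filePath, (err) => {
      if (err && err.code !== 'ENOENT') return callback(err);
      callback(null);
    });
  }
}

// Usage with the SDK (not run here):
//   sdk.getPersistentClient(tokenInfo, new FileTokenStore('./boxTokens.json'));
```

The `mode` option has little effect on Windows, where an OS credential store such as the Windows Credential Manager mentioned above is the better home for tokens.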


Occasional Contributor
Posts: 5

Re: node.js SDK - basic authentication questions

Thanks, SalsaShark42, but I've tried various permutations of your code in my app, and I get "Error: Expired Auth: Auth code or refresh token has expired." on the call to sdk.getTokensRefreshGrant(). I've tried using the sdk.getTokensAuthorizationCodeGrant() method as described in the SDK documentation and I get the same error there.


Any more suggestions?

Occasional Contributor
Posts: 5

Re: node.js SDK - basic authentication questions

Hmmmm -- I took a closer look at the docs and I saw this in the section about PersistentClient:




After a user logs in and grants your application access to their Box account,
they will be redirected to your application's `redirect_uri` which will contain
an auth code. This auth code can then be used along with your client ID and
client secret to establish an API connection.  A `PersistentClient` will
automatically refresh the access token as needed.

Key phrase: "after a user logs in".


So my question is probably even more basic: What do I do in my web app to get the user to sign in to Box so that my callback can be invoked? The Box documentation seems to assume that I know how to do that...or maybe I haven't found the "box integration for complete beginners" page.



Occasional Contributor
Posts: 5

Re: node.js SDK - basic authentication questions

Okay, I found the page I was looking for:

Not sure why I was having trouble finding that...

But since this is part of the overall API documentation, it's not clear how much of all of that I need to do vs how much the SDK does for me....

Still struggling but making progress.
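
An added example, not from any post in this thread or from the Box SDK: the browser leg of the authorization code grant discussed above, showing where "YOUR-AUTH-CODE" comes from. The authorize endpoint URL, the function names and the callback URL are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumed endpoint: Box's OAuth2 authorization page.
const AUTHORIZE_URL = 'https://account.box.com/api/oauth2/authorize';

// Step 1: build the URL the user's browser is sent to. The random `state`
// is kept in the user's session and ties the later callback to this
// request, which blocks forged (CSRF) callbacks.
function buildAuthorizeRequest(clientID, redirectURI) {
  const state = crypto.randomBytes(16).toString('hex');
  const url = new URL(AUTHORIZE_URL);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', clientID);
  url.searchParams.set('redirect_uri', redirectURI);
  url.searchParams.set('state', state);
  return { url: url.toString(), state: state };
}

// Step 2: after login, the browser is redirected to
// redirect_uri?code=...&state=... ; validate it and pull out the auth code.
function extractAuthCode(callbackURL, expectedState) {
  const params = new URL(callbackURL).searchParams;
  if (params.get('error')) {
    throw new Error('authorization failed: ' + params.get('error'));
  }
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch: callback does not belong to this session');
  }
  const code = params.get('code');
  if (!code) throw new Error('callback carried no auth code');
  return code;
}

// Step 3 (not run here): exchange the code right away, exactly once.
// Auth codes are short-lived and single-use, so a stale or replayed code
// is rejected as expired.
//   sdk.getTokensAuthorizationCodeGrant(code, null, function(err, tokenInfo) { ... });
```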

Posts: 26

Re: node.js SDK - basic authentication questions

As I mentioned in my original post, I have a Python utility that establishes that initial authorization (and, thus, generates the first access and refresh tokens).  Part of that process involves the utility launching a browser window to Box and prompting the user to log in and authorize the application to access that Box instance.


And it's not necessarily a problem if you see a message about the token being expired.  If you're using one of the Box SDKs, it will handle that error and try to refresh the token/get a new, valid one.


So I guess the first question is this:  Have you completed that initial authorization/token generation process?

Occasional Visitor
Posts: 1

Re: node.js SDK - basic authentication questions

Hi scottsm, are you able to go through the whole auth process once?


I feel the documents are in different places and there are lots of unexplained terms. I read all the documents I can find online but still can't figure out why. Can you share your code or thoughts if possible?




Posts: 26

Re: node.js SDK - basic authentication questions

Where are you stuck?  The sample code I posted provides an example of how to handle the authentication/tokens after you've done the initial user authorization.  You can do that first-time authorization using something like Postman or I can post some sample Python code that will facilitate it.


It would help if you could be specific on where you're stuck.

Occasional Contributor
Posts: 10

Re: node.js SDK - basic authentication questions

Hi guys, have you made any progress with this?


I'm getting 'The authorization code has expired' after implementing the example token store. Any help you could offer would be greatly appreciated, thanks.
