Box Authentication from Third-Party app, authorization expiration issue

SOLVED
Go to solution
Highlighted
New Contributor

Box Authentication from Third-Party app, authorization expiration issue

Hello community,

 

I have an scenario at my client and would like to know if someone has faced it too.

They are using box to store flat files with data generated by an external app. They are connecting a data analysis tool that ingest data from those files previously published in BOX. They app for data analysis and visualization is Tableau, which has a native box connector built in. 

So far, they were using service accounts to connect to box, which do not require to update the passwords every certain time.

The problem is  that the client has restricted access to box and services accounts are no longer authorized to connect to box. Now, they must use their personal Active Directory accounts and reconfigure the connection every time they update their password (as required by security policy). 

We just want to avoid the need to setup again the connection because of the password renewal process.

 

I also know that box api provides some connection tokens, but as far as I know, they also expire. Is it correct?

 

Any help will be appreciated.

 

Thanks

2 REPLIES 2
Highlighted
Contributor

Re: Box Authentication from Third-Party app, authorization expiration issue

hi @VMayor, Box does provide Oauth2 based authentication where the integrations can keep the session active with long lived refresh token (60days) and generate an access token (short lived 1 hour) to make any API calls. This approach must be implemented in the native Tableau connector to ensure that users AD credentials are not cached and avoiding the need for users to enter new password everytime they change their AD password.

 

-Nayak

Highlighted
New Contributor

Re: Box Authentication from Third-Party app, authorization expiration issue

Hi Nayak, all,

 

Exactly, I do not see a way to keep a session longer than 60 days (max age of an access token in box). 

 

With the use of Service Accounts, they were able to connect to BOX without any kind of renew process (that requires a re-republishment). 

 

I just wanted to see if there's any other kind of tokens in box or if the token max time could be extended.