Box app: 2-step authentication every time?

  • May 22, 2025
I'm currently building a Box application, which will be used by Box users.

I use the Java Content API to call the REST services and authenticate the user; everything works fine.

But I'm surprised that every time I log in to my application, I need to use the 2-step authentication, which includes receiving a code via text message on my phone.

How can I have the same behavior as in Box: 2 steps for the first login with a device, and then only one step if I reuse this device?

2 replies

Hi Claire,

If you enable 2-factor authentication, then every time you authenticate, you should be forced to do two-factor. It's possible that in your enterprise you're using a third-party tool like Okta that allows for setting advanced features on token expiry.

With that said, you should only be forced to authenticate if you are not already authenticated to Box. The OAuth flow should be only the authorization step. Once authorized, your app will be passed tokens that can be used for subsequent calls.

To learn more about the overall flow, check out:

https://box-content.readme.io/docs/oauth-20

Let me know if this clears things up, or if there is still something we can help with.

Ross
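
What Ross's reply describes, reusing the tokens instead of repeating the authorization step, shown as an added example that is not part of the original thread and not Box's own code. It assumes the Box Java SDK (`com.box.sdk`); the class name `BoxTokenCache` and the cache path are hypothetical.

```java
import com.box.sdk.BoxAPIConnection;
import com.box.sdk.BoxAPIConnectionListener;
import com.box.sdk.BoxAPIException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;

public class BoxTokenCache {                       // hypothetical helper, not part of the SDK
    // Assumed location. The file contains a refresh token: protect it like a password.
    static final Path STATE = Paths.get(System.getProperty("user.home"), ".myboxapp", "state.json");
    /** authCode is only needed on the first run, or after the cache was invalidated. */
    static BoxAPIConnection connect(String clientId, String clientSecret, String authCode)
            throws IOException {
        BoxAPIConnection api;
        if (Files.exists(STATE)) {
            // Reuse saved tokens: no login page, so no password or SMS prompt.
            String saved = new String(Files.readAllBytes(STATE), StandardCharsets.UTF_8);
            api = BoxAPIConnection.restore(clientId, clientSecret, saved);
        } else if (authCode != null) {
            api = new BoxAPIConnection(clientId, clientSecret, authCode); // exchanges the code
            persist(api);
        } else {
            throw new IllegalStateException("No saved tokens: send the user to the authorize URL");
        }
        api.addListener(new BoxAPIConnectionListener() {
            @Override public void onRefresh(BoxAPIConnection c) {
                // A refresh replaces the refresh token, so the old file is now stale.
                try { persist(c); } catch (IOException e) { throw new RuntimeException(e); }
            }
            @Override public void onError(BoxAPIConnection c, BoxAPIException e) {
                // OAuth 2.0 token endpoints answer a rejected grant with HTTP 400: drop the cache.
                if (e.getResponseCode() == 400) {
                    try { Files.deleteIfExists(STATE); } catch (IOException ignored) { }
                }
            }
        });
        return api;
    }
    static void persist(BoxAPIConnection api) throws IOException {
        Files.createDirectories(STATE.getParent());
        // The JDK creates temp files owner-only on POSIX; the atomic move avoids torn writes.
        Path tmp = Files.createTempFile(STATE.getParent(), "state", ".tmp");
        Files.write(tmp, api.save().getBytes(StandardCharsets.UTF_8));
        Files.move(tmp, STATE, StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING);
    }
}
```

With a cache like this the user only sees the Box login page, and therefore the second factor, when no valid refresh token is stored.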

I don't understand your reply: the 2nd step of the authentication (code sent by text message to my phone) depends on the device used.

My question is not about token expiry, or forced authentication.

For example, on the Box website:

1. I log in using a device for the first time, the 2nd step will be activated: I will receive a text message to confirm my authentication.

2. I log out.

3. I log in a 2nd time from this same device: I only need to fill in my login/password, the 2nd step won't be activated.

It is this behavior that I would expect when I use the Content API to authenticate a Box user.