Joel
Reputation: 2688
Maintaining Box refresh / access tokens in a disrtibuted system
We have multiple servers that access Box, so we turn off auto-refresh.
connect.setMaxRequestAttempts(1);
connect.setAutoRefresh(false);
Assumptions gathered from unit tests:
- Previous access tokens < 1hr old can still be used for access
- A token pair can be refreshed multiple times, as long as a newer token pair has not been used for access.
Given that, it appears you can have multiple readers with one writer updating the token pair, even if a reader gets the previous token pair, it should be fine (for access).
We ensure that only one thread in the system updates the tokens, but yet are having issues with 401 errors in spite of locking down the token updates. It seems there something wrong with the assumptions above.
Upvotes: 1
Views: 151
Answers (1)
Murtza Manzur
Reputation: 1214
Your assumptions are close. Here is the expected behavior:
- A token is valid for one hour, unless a new token is requested and used.
- If a new token is requested but not used, the old token is still valid (assuming it less than one hour old).
- If a new token is requested and used, the old token is invalidated.
Upvotes: 1
Related Questions
- token refresh callback access token in Box using oauth2.0 using ruby
- Get non expiring Access Token from Box or Get access token from box by passing UserName and Password.?
- Use BOX token from v1 to v2 API to get new tokens
- Max number of auth-tokens that box can issue against a user at one time?
- Auto refresh of box.com tokens failure
- BOX API trying to connect user and grant access to Box
- Why do refresh tokens expire after 14 days
- box API 1 token and box AP1 2 tokens
- Can we get multiple access tokens for single Box User
- Box API 2.0 : How to upload a file to your Box (apps) folder when you use /tokens API