Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Permanent Access Token in OAuth2

Tags:

oauth-2.0

box-api

Is it possible to get a permanent access token using OAuth2? I want to use Box to download files during an installation. The installation grabs all of the files in a particular folder. I have a box account set up as the owner of the folder and in API v1 I can get a permanent auth_token to reuse in my executable. But it appears that with OAuth2 I can only get a 1 hour access token and a refresh token. But because the end user does not actually have access to Box, and the application is a desktop application, they can't authenticate on the fly if a token has expired. I know there are other solutions out there, but the V1 api let me do this and I was hoping to not lose this functionality when V1 is deprecated.

like image 911
user1946925 Avatar asked Feb 28 '26 03:02

user1946925

2 Answers

Box's implementation of OAuth2 does not generate permanent tokens. However, just as in the V1 API, you can create a link for a file you upload that is accessible to non-Box users. You have to set the shared access to "open" in the UI, or via API the json.

There's a section in the docs that explain how to do it. You essentially pass a PUT to the /files/ endpoint with a small JSON body like this:

{"shared_link": {"access": "open"}}

You will get back a json file body, with a shared_link section that is complete. Something like this:

"shared_link": {
    "url": "https://www.box.com/s/rh935iit6ewrmw0unyul",
    "download_url": "https://www.box.com/shared/static/rh935iit6ewrmw0unyul.jpeg",
    "vanity_url": null,
    "is_password_enabled": false,
    "unshared_at": null,
    "download_count": 0,
    "preview_count": 0,
    "access": "open",
    "permissions": {
        "can_download": true,
        "can_preview": true
    }
like image 90
Peter Avatar answered Mar 02 '26 15:03

Peter

You can use refresh token to get a new access token that lasts another hour, and a new refresh token.

So your desktop application may need to connect to internet securely to read/write

  • access token
  • access token expiry date
  • refresh token
  • refresh token expiry date**

**Each refresh token is only valid for 14 days. Was hoping that Box remove the expiry feature.

Alternatively, put your files on a publicly accessible location as per original suggestion.

like image 24
MikeLim Avatar answered Mar 02 '26 17:03

MikeLim
Sign in to Comment

Related questions

How to secure a public REST API with Azure Active Directory without user interaction
Debugging "checks.state argument is missing" error AUTH0
Spring Security: How to use a UserDetailsService with JwtAuthenticationProvider?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!