Fetching access token from refresh token in VB.net using BOXAPI.V2


I can NOT refresh my token using the below VB.Net code. What is wrong with this code? If I create a Developer token and use it, it works for 1 hr. That's it! I have to regenerate the developer token using my Box enterprise userID every time to use it in the code.


Imports BoxApi.V2
Imports BoxApi.V2.Authentication.OAuth2
Imports BoxApi.V2.Model
Imports System.IO


Public Class _Default
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

        Dim clientID As String
        Dim clientSecret As String
        Dim oldRefreshToken As String
        Dim newToken As BoxApi.V2.Authentication.OAuth2.OAuthToken

        clientID = "My client id"
        clientSecret = "My client secret"

        Dim tokenProvider As New TokenProvider(clientID, clientSecret)

        '''' Reading Refresh token from the file
        Dim streamReader As StreamReader
        streamReader = System.IO.File.OpenText(Server.MapPath("~\\Box\\BoxApiRefreshToken.txt"))
        oldRefreshToken = streamReader.ReadToEnd()
        streamReader.Close()

        newToken = tokenProvider.RefreshAccessToken(oldRefreshToken)

        Dim boxManager As New BoxManager(newToken.AccessToken)

        'Dim boxManager As New BoxManager("My Developer Token")

        '''' Writing the new Refresh token to the file
        Dim streamWriter As New StreamWriter(Server.MapPath("~\\Box\\BoxApiRefreshToken.txt"))
        streamWriter.Write(newToken.RefreshToken)

        'streamWriter.Write("My Developer Token")

        streamWriter.Close()
    End Sub

End Class

John Hoerr On BEST ANSWER

Ok, so there are a few things going on here.

  1. Box's OAuth2 implementation involves two distinct tokens that are issued as a pair:

    • The Access token, which authorizes API requests and expires after ~60 minutes
    • The Refresh token, which is used to periodically fetch a new Access/Refresh token pair. This expires after 60 days, or after its first successful use, whichever comes first.
  2. When you use the Create Developer token feature on Box's website, you are only getting an Access token. This cannot be refreshed (because you are not issued a corresponding refresh token) nor can it be used to refresh other access tokens.

  3. In order to get a refreshable token pair, you need to perform the entire OAuth2 workflow as documented by Box. This workflow must be performed in a web browser. I've set up a simple web app that performs the workflow and gives you a refreshable token pair. Note that you must set your redirect_uri to https://box-oauth2-mvc.azurewebsites.net/ in order for that app to work properly.

  4. The token pair from (3) should be infinitely refreshable. Recall that every time you use a refresh token you'll receive a brand new access/refresh token pair. The original refresh token is invalidated after it's successfully used. The new refresh token must be used for the next refresh operation.
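
The rotation rule in point 4, as an added example that is not code from the question or from the answer's author: refresh only when the cached access token is stale, serialise refreshes so two requests never spend the same single-use refresh token, and persist the new refresh token before doing anything else. It reuses `TokenProvider.RefreshAccessToken` and the `OAuthToken` properties exactly as they appear in the question; `BoxTokenCache`, `tokenPath` and the 50-minute cache lifetime are assumptions of this example.

```vbnet
Imports System.IO
Imports BoxApi.V2
Imports BoxApi.V2.Authentication.OAuth2

' Added example (hypothetical helper, not part of BoxApi.V2).
Public NotInheritable Class BoxTokenCache
    Private Shared ReadOnly Gate As New Object()
    Private Shared cachedAccess As String
    Private Shared cachedUntilUtc As DateTime = DateTime.MinValue

    Private Sub New()
    End Sub

    ' tokenPath: file seeded once with a refresh token from the full OAuth2
    ' workflow. Assumed to live outside the web root and to be readable only
    ' by the application identity, since its content is a long-lived credential.
    Public Shared Function GetAccessToken(provider As TokenProvider,
                                          tokenPath As String) As String
        ' SyncLock covers one process only; a web farm needs a shared lock.
        SyncLock Gate
            ' Access tokens last about 60 minutes, so reuse the cached one
            ' instead of spending a refresh token on every page load.
            If cachedAccess IsNot Nothing AndAlso DateTime.UtcNow < cachedUntilUtc Then
                Return cachedAccess
            End If

            ' Trim stray whitespace or a trailing newline left by an editor.
            Dim oldRefresh As String = File.ReadAllText(tokenPath).Trim()
            Dim pair As OAuthToken = provider.RefreshAccessToken(oldRefresh)

            ' oldRefresh is now invalid. Write the new refresh token to a
            ' temporary file and swap it in, so a crash mid-write cannot
            ' leave the store holding a truncated or already-used token.
            Dim tempPath As String = tokenPath & ".tmp"
            File.WriteAllText(tempPath, pair.RefreshToken)
            File.Replace(tempPath, tokenPath, Nothing)

            cachedAccess = pair.AccessToken
            ' Assumed safety margin below the ~60 minute lifetime.
            cachedUntilUtc = DateTime.UtcNow.AddMinutes(50)
            Return cachedAccess
        End SyncLock
    End Function
End Class
```

In `Page_Load` the returned string would be passed to `New BoxManager(...)` in place of `newToken.AccessToken`. A Developer token written into the file will never work here, because it is an access token with no matching refresh token.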