I can NOT refresh my token using below VB.Net code. What is wrong with this code? If I create Developer token and use, it works for an 1 hr. That's it! I have to regenerate developer token using my Box enterprise userID every time to use in the code.
Imports BoxApi.V2
Imports BoxApi.V2.Authentication.OAuth2
Imports BoxApi.V2.Model
Imports System.IO
Public Class _Default
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Dim clientID As String
Dim clientSecret As String
Dim oldRefreshToken As String
Dim newToken As BoxApi.V2.Authentication.OAuth2.OAuthToken
clientID = "My client id"
clientSecret = "My client secret"
Dim tokenProvider As New TokenProvider(clientID, clientSecret)
'''' Reading Refresh token from the file
Dim streamReader As StreamReader
streamReader = System.IO.File.OpenText(Server.MapPath("~\\Box\\BoxApiRefreshToken.txt"))
oldRefreshToken = streamReader.ReadToEnd()
streamReader.Close()
newToken = tokenProvider.RefreshAccessToken(oldRefreshToken)
Dim boxManager As New BoxManager(newToken.AccessToken)
'Dim boxManager As New BoxManager("My Developer Token")
'''' Writing the new Refresh token to the file
Dim streamWriter As New StreamWriter(Server.MapPath("~\\Box\\BoxApiRefreshToken.txt"))
streamWriter.Write(newToken.RefreshToken)
'streamWriter.Write("My Developer Token")
streamWriter.Close()
enter code here
End Sub
End Class
Ok, so there are a few things going on here.
Box's OAuth2 implementation involves two distinct tokens that are issued as a pair:
Access
token, which authorizes API requests and expires after ~60 minutesRefresh
token, which is used to periodically fetch a new Access/Refresh token pair. This expires after 60 days, or after its first successful use, whichever comes first.When you use the Create Developer token feature on Box's website, you are only getting an
Access
token. This cannot be refreshed (because you are not issued a corresponding refresh token) nor can it be used to refresh other access tokens.In order to get a refreshable token pair, you need to perform the entire OAuth2 workflow as documented by Box. This workflow must be performed in a web browser. I've set up simple web app that performs the workflow and gives you a refreshable token pair. Note that you must set your
redirect_uri
tohttps://box-oauth2-mvc.azurewebsites.net/
in order for that app to work properly.The token pair from (3) should be infinitely refreshable. Recall that every time you use a refresh token you'll receive a brand new access/refresh token pair. The original refresh token is invalidated after it's successfully used. The new refresh token must be used for the next refresh operation.