Using the Box API V2, is there any combination of errors in the fields which would cause valid and non-expired refresh token or the access token to become invalid? Errors such invalid values for fields or maybe the frequency of retries, such as trying to create users with invalid fields within a short amount of time?
Asked
Active
Viewed 71 times
1
-
It's not entirely clear what you're asking. Are you receiving some error that you'd like help debugging? If so, could you post it here? – John Hoerr Jun 23 '14 at 18:42
-
I am not receiving errors, but I've noticed in the tests past week that every now and then the RT becomes invalid (before the 60 days). The error message is not that the AT became invalid, but that the RT is now invalid. So I am wondering what errors in the fields (if any) would cause the RT to become invalid. – Alexandre Santos Jun 23 '14 at 19:07
1 Answers
1
If you use the RT, it gives you back a new AT and RT. If you use the new AT, then the old RT becomes invalid.
Peter
- 2,551
- 1
- 14
- 20
-
That much I know. Are there any other conditions which would cause either the AT or RT to become invalid, besides them expiring or the user revoking them? Any invalid conditions, or threshold of errors which would cause either one to become invalid? – Alexandre Santos Jun 29 '14 at 07:58
-
So far, we don't invalidate the RT for overzealous RT calls (though honestly, some people are pushing us to consider it). Someone else using your RT would make it invalid. So there's a chance your application is being targeted by bad actors. – Peter Jun 30 '14 at 17:36