1

I can NOT refresh my token using below VB.Net code. What is wrong with this code? If I create Developer token and use, it works for an 1 hr. That's it! I have to regenerate developer token using my Box enterprise userID every time to use in the code.

Imports BoxApi.V2
Imports BoxApi.V2.Authentication.OAuth2
Imports BoxApi.V2.Model
Imports System.IO


Public Class _Default
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

    Dim clientID As String
        Dim clientSecret As String
        Dim oldRefreshToken As String
        Dim newToken As BoxApi.V2.Authentication.OAuth2.OAuthToken

        clientID = "My client id"
        clientSecret = "My client secret"

        Dim tokenProvider As New TokenProvider(clientID, clientSecret)

        '''' Reading Refresh token from the file
        Dim streamReader As StreamReader
        streamReader = System.IO.File.OpenText(Server.MapPath("~\\Box\\BoxApiRefreshToken.txt"))
        oldRefreshToken = streamReader.ReadToEnd()
        streamReader.Close()

        newToken = tokenProvider.RefreshAccessToken(oldRefreshToken)

    Dim boxManager As New BoxManager(newToken.AccessToken)

        'Dim boxManager As New BoxManager("My Developer Token")

        '''' Writing the new Refresh token to the file
        Dim streamWriter As New StreamWriter(Server.MapPath("~\\Box\\BoxApiRefreshToken.txt"))
        streamWriter.Write(newToken.RefreshToken)

        'streamWriter.Write("My Developer Token")

        streamWriter.Close()
    enter code here
    End Sub

End Class
John Hoerr
  • 7,955
  • 2
  • 30
  • 40
Sukumar Reddy Narra
  • 23
  • 4
  • Questions: 1. Are you certain that the refresh token that you're sending is valid? 2. Using Fiddler (or similar) what is the HTTP response from Box when you attempt to refresh the access token? – John Hoerr Jun 26 '15 at 19:19
  • Verified using Fiddler and the HTTP response from api.box.com:443 is 200 – Sukumar Reddy Narra Jun 29 '15 at 14:19
  • BoxApi.V2.BoxException was unhandled by user code HResult=-2146233088 Message=Invalid refresh token RetryAfter=0 ShortDescription=invalid_grant Source=BoxApi.V2 StackTrace: at BoxApi.V2.BoxRestClientBase.Try(IRestRequest request, HttpStatusCode lastResponse) at BoxApi.V2.BoxRestClientBase.Execute(IRestRequest request) at RestSharp.RestClient.Execute[T](IRestRequest request) at BoxApi.V2.BoxRestClientBase.ExecuteAndDeserialize[T](IRestRequest request) at BoxApi.V2.Authentication.OAuth2.TokenProvider.RefreshAccessToken(String refreshToken) – Sukumar Reddy Narra Jun 29 '15 at 14:22
  • I am sending the correct refresh token. Verified by sending the string like: Dim boxManager As New BoxManager("mnnn0NPtAIPIbVwghxG8XTGivcTHhxa0") – Sukumar Reddy Narra Jun 29 '15 at 14:32
  • Are you sending the same refresh token every time? – John Hoerr Jun 29 '15 at 16:41
  • No! Every 1 hour, I am generating this using "Create Developer token" from our enterprise account. – Sukumar Reddy Narra Jun 29 '15 at 16:52

1 Answers1

1

Ok, so there are a few things going on here.

  1. Box's OAuth2 implementation involves two distinct tokens that are issued as a pair:

    • The Access token, which authorizes API requests and expires after ~60 minutes
    • The Refresh token, which is used to periodically fetch a new Access/Refresh token pair. This expires after 60 days, or after its first successful use, whichever comes first.

  2. When you use the Create Developer token feature on Box's website, you are only getting an Access token. This cannot be refreshed (because you are not issued a corresponding refresh token) nor can it be used to refresh other access tokens.

  3. In order to get a refreshable token pair, you need to perform the entire OAuth2 workflow as documented by Box. This workflow must be performed in a web browser. I've set up simple web app that performs the workflow and gives you a refreshable token pair. Note that you must set your redirect_uri to https://box-oauth2-mvc.azurewebsites.net/ in order for that app to work properly.

  4. The token pair from (3) should be infinitely refreshable. Recall that every time you use a refresh token you'll receive a brand new access/refresh token pair. The original refresh token is invalidated after it's successfully used. The new refresh token must be used for the next refresh operation.

John Hoerr
  • 7,955
  • 2
  • 30
  • 40
  • Using your answer, I am able to connect and get the files/folders Create/download/upload to our Box.com Admin account from my development machine. My requirement is, to provide an upload/download files feature to our portal users on our existing internet application. I think, it is NOT a good idea to create refresh token every time and store in file for every upload/download attempt by every user(s), especially under 5 users/sec environment. – Sukumar Reddy Narra Jul 02 '15 at 19:01
  • Can you please recommend an effective approach to get connected to Box.com from our web pages without asking for any credentials to the users. I am using ASP.Net/VB.Net in Visual Studio 2010. – Sukumar Reddy Narra Jul 02 '15 at 19:02
  • Will all users belong to the same Box Enterprise? – John Hoerr Jul 02 '15 at 19:23
  • Yes, all users belongs to the same Box Enterprise. – Sukumar Reddy Narra Jul 03 '15 at 15:41
  • With an enterprise admin access token you can impersonate other users with the [As-User](https://box-content.readme.io/#as-user-1) header. Note that you must contact Box in order to get that functionality enabled for your application. – John Hoerr Jul 03 '15 at 17:58
  • I will contact Box.com and get "As-User" header ASAP. so, with that our web site (internet/intranet) users can upload/download files seamlessly without entering any credentials and don't even know that files are being stored at Box.com. And also, I don't need to refresh token every time and store in file for every upload/download attempt by every user(s) action? – Sukumar Reddy Narra Jul 03 '15 at 18:42
  • No, you don't need to refresh the token every time. Only when it expires. – John Hoerr Jul 06 '15 at 17:54
  • Not really sure what you're asking, but if you're considering SDKs use this: https://github.com/box/box-windows-sdk-v2. It's officially supported. I wrote another .Net SDK a long time ago before Box built the official one. – John Hoerr Jul 06 '15 at 18:49
  • This needs to be a presented as new question. – John Hoerr Jul 07 '15 at 18:26
  • http://stackoverflow.com/questions/31277255/as-user-header-enabled-with-our-enterprise-admin-account-with-box-com-box-api – Sukumar Reddy Narra Jul 07 '15 at 21:26