I have a 3rd-party app that connects to Box using the API/OAuth2 implementation. Is there a way within the Box OAuth2 implementation to know which users need to get a new refresh_token before their 60 days is up? I'd like to send them an email reminder to re-grant my app access to their Box accounts a few days before it expires.
Related
Is there any way to get a permanent OAuth2 token for the Google Sheets API, or a semi-permanent one?
The one I'm using right now expires once every 7 days, which is not very helpful.
If not, is there any alternative online spreadsheet application that you can connect to with Python?
This depends upon what you are doing. If you are accessing a sheet that you own personally, then you could use a service account. Service accounts are preauthorized and will not expire.
If you are accessing sheets that are owned by your users, then you will need to use OAuth2. If you request offline access, then you will get what is called a refresh token. Refresh tokens can be used to request new access tokens when the access token expires.
That you say the token expires after seven days implies that you are currently using a refresh token. However, you have not set your project in Google Cloud Platform to production. As it is still in testing, your refresh token will expire after seven days.
A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.
How to switch to production.
Go to the Google Cloud console for your project.
Find the OAuth consent screen on the left.
Click go to production.
I am building a website where the users can schedule a meeting between two persons. In this meeting, there will also be a third person that will ALWAYS be the same and always be there.
My idea was, on the admin panel, make this third user logout and when there is a request for a meeting in the app, make a calendar event / Google Meet where the third account will invite the two users.
This action will be made automatically and these events will happen on the span of many months. I wanted to know how often the user will have to connect. Can he connect just once and then the token for the requests is valid forever or will the third attendee have to login periodically in order to keep the token "fresh"?
Thanks!
The way OAuth works is that when authorized you are granted an access token, which will give you access to the user's data for one hour. If, when authorizing the user, you request "offline" access as well, then you will be given a refresh token.
The refresh token does not expire for the most part, and can be used to request a new access token at any time, thereby refreshing your access as needed.
Get a refresh token for this user and then just refresh the access as needed.
We have a Google OAuth2 Web client in the Google API Console.
With the help of the OAuth Web Client, we get a Refresh Token for each user (by using web authentication and the Consent Screen).
We store the received Refresh Token in a database, and the system uses this user-specific Refresh Token to create Google Calendar events automatically on behalf of the logged-in user (we have around 1000 users).
Problem: For a couple of days, Refresh Tokens have been expiring automatically and we are getting the following error.
{
"error": "invalid_grant",
"error_description": "Token has been expired or revoked."
}
When a user re-registers, the system receives a new Refresh Token and everything starts working again; however, after some time (not sure, but in less than a day or two) they again start getting the "Token has been expired or revoked" error.
Has any limit been imposed on Refresh Tokens?
Is there any limit on getting Refresh Tokens using the same API Client? (We have 1000 individual G Suite or Gmail users who have registered for a Refresh Token individually by using their personal Gmail or G Suite account.)
Is there any API change to get a long-lived Refresh Token?
Regards,
DP
Your Questions
Has any limit been imposed on Refresh Tokens?
You can authorize a user and get a refresh token, then authorize the same user again and get a second refresh token. The user now has two outstanding refresh tokens and both work. You can do this up to fifty times and have fifty outstanding refresh tokens for this user. Once you do it again the first one will expire.
You can have fifty outstanding refresh tokens for a user, so if you are reauthorizing them make sure that you are replacing the one stored in your database with the newest refresh token.
Is there any limit on getting Refresh Tokens using the same API Client? (We have 1000 individual G Suite or Gmail users who have registered for a Refresh Token individually by using their personal Gmail or G Suite account.)
Your client can authorize as many users as you like. There is no limit to the number of users your system can have.
Is there any API change to get a long-lived Refresh Token?
Not that I am aware of.
The error message
There are a couple of things that could be happening here.
The first is that the user has the power to revoke your access through their Google account. It looks to me like this may be what is happening.
The second issue is the fact that it's October and Google daylight savings time is kicking in. Several years ago there was an issue with daylight savings time expiring tokens.
The third issue is that if your refresh token has not been used in the last six months, it will be expired by Google.
The fact of the matter is that refresh tokens are not perfect due to the above reasons. Your system should be designed to handle this: if the refresh token fails, then simply set it up to ask the user for access again.
{ "error": "invalid_grant", "error_description": "Token has been expired or revoked." }
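The handling recommended in the answer above (keep only the newest refresh token per user, and treat `invalid_grant` as "ask the user for access again"), as an added example that is not code from the original posts. `TokenStore`, `ReauthRequired` and `fake_endpoint` are hypothetical names; `post_token` is assumed to be a callable that adds the client credentials and POSTs the form to the provider's token endpoint, and the endpoint used here is a constructed offline stand-in.

```python
import time

class ReauthRequired(Exception):
    """The refresh token was rejected; the user must grant access again."""

class TokenStore:
    """In-memory stand-in for the per-user token table (hypothetical schema)."""

    def __init__(self, post_token, clock=time.time):
        self._post = post_token  # assumed: callable(form) -> (http_status, json_dict)
        self._clock = clock
        self._rows = {}

    def save_grant(self, user_id, refresh_token):
        # Overwrite, never append: only the newest refresh token is kept.
        self._rows[user_id] = {"refresh": refresh_token, "access": None,
                               "expires_at": 0.0, "needs_reauth": False}

    def access_token(self, user_id):
        row = self._rows[user_id]
        if row["needs_reauth"]:
            raise ReauthRequired(user_id)
        if row["access"] and self._clock() < row["expires_at"] - 60:
            return row["access"]  # cached token still valid, with a 60 s margin
        status, body = self._post({"grant_type": "refresh_token",
                                   "refresh_token": row["refresh"]})
        if status == 400 and body.get("error") == "invalid_grant":
            # Expired or revoked: retrying cannot help, so flag the user.
            row.update(needs_reauth=True, access=None)
            raise ReauthRequired(user_id)
        if status != 200:
            raise RuntimeError(f"token endpoint returned {status}")  # transient
        row["access"] = body["access_token"]
        row["expires_at"] = self._clock() + body["expires_in"]
        # If the provider returns a new refresh token, it replaces the old one.
        row["refresh"] = body.get("refresh_token", row["refresh"])
        return row["access"]

    def users_needing_reauth(self):
        return sorted(u for u, r in self._rows.items() if r["needs_reauth"])

def fake_endpoint(revoked, calls):
    """Constructed token endpoint: rejects refresh tokens listed in `revoked`."""
    def post(form):
        calls.append(form["refresh_token"])
        if form["refresh_token"] in revoked:
            return 400, {"error": "invalid_grant",
                         "error_description": "Token has been expired or revoked."}
        return 200, {"access_token": "at-" + form["refresh_token"], "expires_in": 3600}
    return post
```

The list returned by `users_needing_reauth()` is what a reminder job would read to decide whom to ask for access again.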
I am developing a Google action and added account linking
In the linked image you can see the settings I did in Action console->Account linking.
Action console Account linking
In Auth0 Applications I added all the necessary fields, with JWT Expiration set to 604800; also, in the APIs settings I have updated Token Expiration (Seconds) to Token Expiration (Seconds).
Auth0 application setting
Auth0 api settings
Account linking works perfectly, but after 24 hours my Google action prompts the user to ‘link the account again’. Even though I changed the JWT expiration to 7 days (604800 seconds) and Token Expiration to 7 days, I don’t know why the action asks the user to link their account again after 24 hours. Is there anything I left out?
Kindly help me in this regard, as it is very important for me to publish the action and I am running over my deadline.
While the Assistant is not accepting the long Access Token, the stranger thing is that it should be using a Refresh Token to get a new Access Token instead of requiring the user to re-link the accounts.
Assuming you're using the auth token flow (and it looks like you are), Auth0 will send a Refresh Token if you request the offline_access scope.
It looks like you're requesting _offlineaccess, which isn't the right scope. Changing this to the correct string (or adding it) should give the Assistant a Refresh Token, so it won't re-prompt the user unless the token is revoked.
I have an iOS application which needs to work like this:
Use Parse.com framework for custom cloud API and database.
As Box is HIPAA compliant, we need to store the files on Box storage.
The problem is that we are already authenticating the user via Parse and we want to use only one account for the Box API without asking the app user to log in to the Box API. My question here is:
Box uses OAuth 2.0 to perform authentication. On success it generates a token which is further used in all API calls. Can we store this token on the server and send it to all clients for further use? In this way we won't have to authenticate the user for the Box API.
Will the same API token work from different devices?
Do we need to refresh the token after a certain period of time?
Once you have a valid Box token, you can use it both server side, on the client, or on multiple clients/servers. For example, if you have a user that has a phone and a tablet, you can use the same auth token to call the Box API on both devices. However, we highly recommend that you have only one pair of tokens per Box user.
You will need to refresh the access token every 60 mins and the refresh token every 14 days. Once they are refreshed, the timer will start over for both sets of tokens (60 mins and 14 days).
Here is our tutorial that has more details: http://developers.box.com/oauth/