box-java-sdk icon indicating copy to clipboard operation
box-java-sdk copied to clipboard
verified publisher icon box

Make "expiration time" to be configurable in BoxDeveloperEditionAPIConnection

Open ozhelezniak-talend opened this issue 3 years ago • 4 comments

Is your feature request related to a problem? Please describe.

For people with a bad internet connection, 30 seconds might be not enough to acquire a token. As a workaround, we can increase max attempts but maybe increasing the count of an expiration time for claims would be more efficient.

Describe the solution you'd like

Frankly, I don't like BoxGlobalSettings with statics variables, but it might be the solution. (with the additional setter in BoxDeveloperEditionAPIConnection) the same thing as we have for maxRetryAttemps.

Describe alternatives you've considered

Increase the max retry attempts and cross your fingers.

Additional context

ozhelezniak-talend avatar Oct 14 '22 07:10 ozhelezniak-talend

Hi @ozhelezniak-talend, I assume you using OAuth2 authentication type and you are referring to the expiration time of "short-lived authorization code" described here. If not please describe your issue with more details. The expiration time of "short-lived authorization code" is defined in authentication server and it is not possible to change this setting by client (SDK). If this is a problem you can also try another authentication methods: JWT or Client Credentials Grant. @lukaszsocha2

lukaszsocha2 avatar Oct 14 '22 09:10 lukaszsocha2

Hello @lukaszsocha2 Sorry for the lack of details. I'm using JWT authentication method.

BoxDeveloperEditionAPIConnection.getUserConnection(userId, boxConfig, null)

And when it tries to establish connection a bit deeper into stacktrace

connection.tryRestoreUsingAccessTokenCache();

it calls method

this.authenticate();

inside it contains those lines

            // Reconstruct the JWT assertion, which regenerates the jti claim, with the new "current" time
            jwtAssertion = this.constructJWTAssertion(jwtTime);

where inside constructJWTAssertion you can find this hardcoded 30 seconds period

        if (now == null) {
            claims.setExpirationTimeMinutesInTheFuture(0.5f);
        } else {
            now.addSeconds(30L);
            claims.setExpirationTime(now);
        }

ozhelezniak-talend avatar Oct 14 '22 09:10 ozhelezniak-talend

Hi @ozhelezniak-talend, now it is much more clear what you mean :). I will discuss the change with the team, but I believe we can make that configurable with the next release. I'll let you know what we decided. @lukaszsocha2

lukaszsocha2 avatar Oct 14 '22 12:10 lukaszsocha2

Hi, we created internal ticket to address your request (SDK-2704). We will plan it and resolve as soon as our schedule will allow for it. Best

lukaszsocha2 avatar Oct 17 '22 09:10 lukaszsocha2