box-java-sdk
box-java-sdk copied to clipboard
box
api.needsRefresh() always return true
Hi, api.needsRefresh() always returns true.
After getting the access token and refresh token I m persisting it. On next call (within few seconds) when I create connection via passing access token like below.
-
BoxAPIConnection api = new BoxAPIConnection("ACCESS_TOKEN"); if(api.needsRefresh()){} , it always return true. Checked api.getExpires() , it returns 0 although I got access token few seconds back.
-
In case api.needsRefresh() returns true but if I dont do api.refresh and try to upload file its working.
Questions:-
- Please suggest on why this thing is happening?
- new BoxAPIConnection("ACCESS_TOKEN") , does it always return new access token irrespective of valid access token?
- Do we have to close the BoxAPIConnection?
- For any new request do we have to create new BoxAPIConnection() connection?
- Is there any other authenticate way to determine access token is still valid or not?
Please suggest.
Regards Ajay
Hey @ajayaks,
I was able to reproduce the problem, the api.needsRefresh() function is not comparing the duration correctly. We will put this on our backlog and let you know when a fix is implemented.
As for your other questions:
1.) In the needsRefresh() function, the way we are comparing the token duration with the expires_in + buffer is not correct.
2.) new BoxAPIConnection("ACCESS_TOKEN") will create a BoxAPIConnection for you to make calls off of, if a valid access token is not passed in, it will not create a valid BoxAPIConnection.
3.) You do not need to close BoxAPIConnection
4.) You do not need to create a new BoxAPIConnection() for new requests.
5.) Once the needsRefresh() function is updated, this should be a good way to determine if an access token is valid or not. In the meantime you can have a manual check.
We will keep you updated on when the fix is released. If you have any other questions please reach out.
Thanks!
Thanks @carycheng , please suggest on below:-
-
As you mentioned in point 4 in your reply, "You do not need to create a new BoxAPIConnection() for new requests." , whats the other way to get the BoxAPIConnection?
-
As you mentioned in point 5 in your reply, "In the meantime you can have a manual check.", whats the manual way to check the valid access token and how to do that ? Do you have any example?
-
I have noticed one thing , If I save BoxApiConnection via save() method and then do restore() then needsRefresh() working properly, any reason why ?
-
I am doing like below , String state = api.save(); BoxAPIConnection api = BoxAPIConnection.restore(CLIENT_ID, CLIENT_SECRET, state); Here BoxAPIConnection.restore(CLIENT_ID, CLIENT_SECRET, state); is not creating new access token but the moment I call api.getAccessToken() it internally calls needsRefresh() and its creating access token correctly I think means if expired then creating new access token.
-
api.getExpires(), returns something like 3923000(I think its milliseconds) but ideally access token is max validity is 3600 secs, then whats this value?
Please suggest.
Regards Ajay
Hey @ajayaks,
Apologies for the late reply -
1.) I meant after creating a BoxAPIConnection you can use that same instance of BoxAPIConnection to make multiple SDK calls. There is no need to re-instantiate a BoxAPIConnection per call.
2.) For the manual check you would have to compare the time since last refresh of your token or time since token generation and manually track how long your token lives for since the token lifespan is fixed. Not ideal we understand, we are working on the fix and will update you when it is released.
3/4.) I will look into this
5.) Unfortunately that is what the API returns and we are only the wrapping layer around it.
Let us know if you run into any other issues!
Hi, Does the needsRefresh() and getExpires() functions work now? I created a BoxAPIConnection object, api by passing the accessToken and refreshToken
api = new BoxAPIConnection(appConst.CLIENT_ID,appConst.CLIENT_SECRET, accessToken, refreshToken);
The needsRefresh() always returns true irrespective of the expiry of tokens and getExpires() returns 0.
if(api.getExpires()==0) {
api.refresh();
accessToken = api.getAccessToken();
refreshToken = api.getRefreshToken();
// update tokens in file
}
Here the refresh() works for the first time which should update the token. Then I am calling getAccessToken to get the updated token but that also internally calls needsRefresh() and refreshes token if that returns true. Again the tokens get refreshed. So, here the accessToken and refreshToken that I get should be the updated ones, but that is not happening, the tokens are not getting updated. And when I run the code second time, api.refresh() call throws an exception -
Request processing failed; nested exception is com.box.sdk.BoxAPIResponseException: The API returned an error code [400] invalid_grant - Refresh token has expired
If there are any updates on the functions and if I am not doing something correctly please help me with that.
Thanks, Shipta
This issue has been automatically marked as stale because it has not been updated in the last 30 days. It will be closed if no further activity occurs within the next 7 days. Feel free to reach out or mention Box SDK team member for further help and resources if they are needed.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has been automatically closed due to maximum period of being stale. Thank you for your contribution to Box Java SDK and feel free to open another PR/issue at any time.