How to get an access token without Box’s authoriza

Posted 2019-02-05 06:33

Question:

I have been granted access (collaborate) in a folder. What I need is to access the folder daily and fetch files from it. Right now the developer token I generate expires in 1 hour. Is there a way I can get the authorization code without the first leg, which requires a user interface? This way I can refresh the access token whenever I fetch files.

Answer 1:

You should be able to refresh the token without getting an authorization code. When the access token is sent back, a refresh token is also issued to you.

{
    "access_token": "T9cE5asGnuyYCCqIZFoWjFHvNbvVqHjl",
    "expires_in": 3600,
    "restricted_to": [],
    "token_type": "bearer",
    "refresh_token": "J7rxTiWOHMoSC1isKZKBZWizoRXjkQzig5C6jFgCVJ9bUnsUfGMinKBDLZWP9BgR"
}

You should store this refresh token somewhere secure (keychain, encrypted datastore, something similar) and use it to refresh the session when it expires.

You can tell the session is expired when you receive a 401 Unauthorized response from Box for any API request AND you see a WWW-Authenticate header with the value Bearer realm=.

The flow should look something like:

1) Log into Box and get an authorization code

2) Exchange the authorization code for an ACCESS TOKEN and REFRESH TOKEN pair (this only needs to be done once!)

3) Store the refresh token

4) Begin making requests with the API

5) When a 401 Unauthorized is received with a WWW-Authenticate header in an API response, issue a www-form-urlencoded POST request to Box like this:

curl https://www.box.com/api/oauth2/token \
  -d 'grant_type=refresh_token&refresh_token={valid refresh token}&client_id={your_client_id}&client_secret={your_client_secret}' \
  -X POST

If successful, you'll be issued a NEW access token AND refresh token pair. Store the new refresh token, swap out the old access token for the new one, and resume your API calls from your previous failed call.

Hope that helps!
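
Added example (not part of the answer above, and not Box's or any SDK's code): steps 3 to 5 of that flow in Python, with the token pair kept in an owner-only file and the rotated pair written to disk before the failed call is retried. The function names, the token file path and the `request`/`post` transport callables are assumptions made for illustration; the response is parsed as JSON with the field names from the sample response.

```python
import json
import os
import tempfile
from urllib.parse import urlencode

TOKEN_URL = "https://www.box.com/api/oauth2/token"  # endpoint from the answer above

def save_tokens(path, tokens):
    """Atomically persist the token pair in a file only the owner can read."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")  # created with mode 0600
    with os.fdopen(fd, "w") as f:
        json.dump(tokens, f)
    os.replace(tmp, path)  # a crash leaves either the old pair or the new one, never half

def load_tokens(path):
    with open(path) as f:
        return json.load(f)

def session_expired(status, headers):
    """The answer's rule: 401 AND a WWW-Authenticate header with a Bearer challenge."""
    h = {k.lower(): v for k, v in headers.items()}
    return status == 401 and h.get("www-authenticate", "").startswith("Bearer")

def refresh(path, client_id, client_secret, post):
    """Trade the stored refresh token for a new pair and persist it before use."""
    old = load_tokens(path)
    body = urlencode({"grant_type": "refresh_token",
                      "refresh_token": old["refresh_token"],
                      "client_id": client_id, "client_secret": client_secret})
    status, text = post(TOKEN_URL, body)  # post(url, form_body) -> (status, text), assumed hook
    if status != 200:
        raise RuntimeError(f"refresh failed with HTTP {status}")  # keep secrets out of errors
    new = json.loads(text)
    save_tokens(path, {"access_token": new["access_token"],
                       "refresh_token": new["refresh_token"]})
    return new["access_token"]

def call_api(path, creds, request, post):
    """Run request(access_token); on an expired session refresh once and retry."""
    status, headers, body = request(load_tokens(path)["access_token"])
    if session_expired(status, headers):
        status, headers, body = request(refresh(path, *creds, post))
    return status, body
```

In real use `post` and `request` would wrap an HTTPS client, and `creds` is the `(client_id, client_secret)` pair loaded from a secret store rather than from source code.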



Answer 2:

Found a nice package which answers my question. :) https://github.com/sookasa/box.py



Answer 3:

According to Sikppy Ta

You can save your first token in a file and use the refresh mechanism via that file.

Here is an example:

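import java.io.*;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;

static String tokenUrl = "https://app.box.com/api/oauth2/token";

public String getTokenFromFile() throws Exception {

    String path = this.tokenFilePath;
    File file = new File(path);
    String line = "", token = "";
    try {
        // The file holds the raw token response; the last line read is used
        BufferedReader br = new BufferedReader(new FileReader(file));
        while ((line = br.readLine()) != null) {
            token = line;
        }
        br.close();
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    String newRefleshToken = refleshToken(token);
    // Characters 17..48 hold the 32-character access_token value when the
    // response is compact JSON beginning with {"access_token":"
    String accessToken = newRefleshToken.substring(17, 49);
    return accessToken;
}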

For refreshToken, you need the HTTPClient

private String refleshToken(String tokencode) throws Exception {
    // Fixed offsets assume the stored response is one line of compact JSON
    // in the field order it was returned in
    String accessToken = tokencode.substring(17, 49);
    String refleshToken = tokencode.substring(105, 169);
    tokencode = HttpURLConnectionExample.refreshToken(refleshToken);
    // Persist the new response so the next run uses the new refresh token
    writeTokenToTextFile(tokencode);
    return tokencode;
}

public static String refreshToken(String newToken) throws Exception {

    String urlParameters = "grant_type=refresh_token&refresh_token=" + newToken + "&client_id=" + client_id + "&client_secret=" + client_secret;

    String result = sendPost(tokenUrl, urlParameters);
    return result;
}

Let me show the sendPost method

String sendPost(String url, String urlParameters) throws Exception {

   URL obj = new URL(url);
   HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();

   // add request headers
   con.setRequestMethod("POST");
   con.setRequestProperty("User-Agent", USER_AGENT);
   con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");

   // Send post request
   con.setDoOutput(true);
   DataOutputStream wr = new DataOutputStream(con.getOutputStream());
   wr.writeBytes(urlParameters);
   wr.flush();
   wr.close();

   int responseCode = con.getResponseCode();
   System.out.println("Response Code : " + responseCode);

   BufferedReader in = new BufferedReader(
           new InputStreamReader(con.getInputStream()));
   String inputLine;
   StringBuffer response = new StringBuffer();

   while ((inputLine = in.readLine()) != null) {
       response.append(inputLine);
   }
   in.close();

   return response.toString();
}


Tags: box-api