如何在没有Box授权页的情况下获取访问令牌 [英] How to get an access token without Box’s authorization page

问题描述

我已被授予访问（协作）文件夹的权限。我需要的是每天访问该文件夹并从中获取文件。现在，我生成的开发人员令牌将在1小时后过期。有没有一种方法可以在没有第一回合的情况下获得授权代码，这需要用户界面。这样，我每次获取文件时都可以刷新访问令牌。

I have been granted access(collaborate) in a folder. What I need is to access the folder daily and fetch files from it. Right now the developer token I generate expires in 1 hour. Is there a way I can get the authorization code without the first leg, which requires a user interface. This way I can refresh the access toke whenever I fetch files.

推荐答案

您应该能够在无需授权的情况下刷新令牌。码。当访问令牌被发回时，还会向您发出刷新令牌。

You should be able to refresh the token without getting an authorization code. When the access token is sent back, a refresh token is also issued to you.

{
    "access_token": "T9cE5asGnuyYCCqIZFoWjFHvNbvVqHjl",
    "expires_in": 3600,
    "restricted_to": [],
    "token_type": "bearer",
    "refresh_token": "J7rxTiWOHMoSC1isKZKBZWizoRXjkQzig5C6jFgCVJ9bUnsUfGMinKBDLZWP9BgR"
}

您应将此刷新令牌存储在安全的地方（钥匙串，加密的数据存储区，类似的地方），

You should store this refresh token somewhere secure (keychain, encrypted datastore, something similar) and use it to refresh the session when it expires.

您可以告诉会话过期，当您从Box收到任何API请求的401未经授权的响应并且看到WWW时-使用值Bearer realm =验证头。

You can tell the session is expired when you receive a 401 Unauthorized response from Box for any API request AND you see a WWW-Authenticate header with the value Bearer realm=.

流应类似于：

1）日志进入Box并获得授权码

1) Log into Box and get an authorization code

2）将授权码换成ACCESS TOKEN和REFRESH TOKEN对（这只需要做一次！）

2) Exchange the authorization code for an ACCESS TOKEN and REFRESH TOKEN pair (this only needs to be done once!)

3）存储刷新令牌

4）开始使用API​​进行请求

4) Begin making requests with the API

5）当在API响应中收到带有WWW-Authenticate头的401 Unauthorized时，请向Box发出www-form-urlencoded POST请求，如下所示：

5) When a 401 Unauthorized is received with a WWW-Authenticate header in an API response, issue a www-form-urlencoded POST request to Box like this:

curl https://www.box.com/api/oauth2/token \ -d 'grant_type=refresh_token&refresh_token={valid refresh token}&client_id={your_client_id}&client_secret={your_client_secret}' \ -X POST

如果成功，您将获得新的访问权限令牌并刷新令牌对。存储新的刷新令牌，将旧的访问令牌替换为新的令牌，然后从以前的失败调用中恢复API调用。

If successful, you'll be issued a NEW access token AND refresh token pair. Store the new refresh token, swap out the old access token for the new one, and resume your API calls from your previous failed call.

希望有帮助！

这篇关于如何在没有Box授权页的情况下获取访问令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！