每次访问用户Box帐户是否都需要授权码? [英] Do I need authorization code each time for accessing user box account?
问题描述
我正在开发将与Box企业帐户进行交互的桌面应用。
I am developing a desktop app which will interact with box enterprise account.
当我的应用首次尝试访问管理企业帐户时,它将被重定向到装箱页。在接受管理员用户凭据后,Box最终将用户重定向到我的重定向URL。
此重定向的URL将具有授权码。
For the first time when my app will try to access Admin enterprise account it will be redirected to box page . Box finally redirects user to my redirected URL after accepting Admin user credentials. This redirected URL will have a authorization code. which is used to get access and refresh token.
我的问题是我可以保存此授权码以备将来使用。
My question is that can i save this authorization code for future use. ??
说一个月后,我的应用再次想要访问Admin企业帐户,那么我是否需要再次完成上述获取身份验证代码的步骤。 / p>
Say after one month my app again wants to access Admin enterprise account then Do i again need to go through the above steps of getting the auth code.??
推荐答案
好吧,可以,您可以保存访问权限并刷新令牌以备将来使用。注意事项:
Alok, yes, you can save the access and refresh tokens for future use. Some things to note:
- 在对API的每次请求中,访问令牌都必须通过Authorization标头包含。
- 访问令牌在1小时后过期。您可以使用刷新令牌来请求新的访问/刷新令牌对。
- 刷新令牌在
1460天后过期。如果您的应用程序需要执行一次每月的频率小于此频率,则需要创建一个计划任务或chron作业,以在此期间刷新访问/刷新令牌对。完成此任务/作业后,您可以无限刷新令牌。 - 如果访问令牌和刷新令牌都已过期,则用户必须再次手动验证您的应用程序。
- The access token must be included via an Authorization header on every request to the API.
- An access token expires after 1 hour. You can use the refresh token to request a new access/refresh token pair.
- A refresh token expires after
1460 days. If your application needs to perform amonthlyprocess less frequently than that, you'll need to create a scheduled task or chron job to refresh the access/refresh token pair in the interim. With this task/job in place you can refresh the tokens indefinitely. - If both the access and refresh tokens have expired, the user must manually authenticate your application again.
这篇关于每次访问用户Box帐户是否都需要授权码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!