Box API Implicit Login

1
votes

I have an iOS application which needs to work like this:

  1. Use Parse.com framework for custom cloud API and database.

  2. As Box is HISPAA compliant, we need to store the files on box storage. The problem is that we are already authenticating the user via Parse and we want to use only one account for Box API without asking the app user to login to box API. My question here is:

    Box uses OAuth 2.0 to perform authentication. On success it generates a token which is further used in all API calls. Can we store this token on the server and send it to all clients for further use? In this way we wont have to authenticate the user for box API. Will the same API token work from different devices ? Do we need to refresh the token after a certain period of time?

1
iosparse-platformbox-api
So, you plan on authenticating with Box from your Parse server and sending the token back to the client? - Marcus Adams
Yes that is correct. Do you think the token will work for the client ? - amandeepsingh

1 Answers

0
votes

Once you have a valid Box token, you can use it both server side, on the client, or on multiple clients/servers. For example, if you have a user that has a phone and a tablet, you can use the same auth token to call the Box API on both devices. However, we highly recommend that you have only one pair of tokens per Box user.

You will need to refresh the access token every 60 mins and the refresh token every 14 days. Once they are refreshed, the timer will start over for both sets of tokens (60 mins and 14 days).

Here is our tutorial that has more details: http://developers.box.com/oauth/