unable to retrieve oauth2 refresh_token after it changes while connected to box.com api

362 views

Skip to first unread message

unread,

Sep 7, 2015, 8:12:39 PM9/7/15

to golang-nuts

I'm trying to use go with the box.com rest api. They hand out a new oauth2 refresh_token (and

invalidate the old one) each time a new access_token is requested (using the refresh_token).

Attached is a working bit of code to reproduce my problem (boxtest.go).

1. Sign up for a free box account

2. Create yourself an "app" via their developers interface "https://app.box.com/developers/services"

and set the oauth2 callback to "http://localhost:8080/oauth2callback"

3. Run this app and point your browser at http://localhost:8080

4. Click the "BoxLogin" and authenticate (getting the initial access and refresh tokens)

5. Fetch Folder 0 to confirm it's working

6. Click "ExpireToken"

7. Fetch Folder 0 - it works this time because the client refreshes the token - but I can't figure out how to preserve it for later use

I'd like my "StoreToken" method to get called here to grab a copy of the new refresh_token

8. Fetch Folder 0 - it bombs here because I'm still using the original access and refresh tokens which are now both invalid.

> Error returned by box:

> get files faled with 'Get https://api.box.com/2.0/folders/0: oauth2: cannot fetch token: 400 Bad Request

> Response: {"error":"invalid_grant","error_description":"Refresh token has expired"}'

So, I'd appreciate any advice on how to do this better. This is so far my best understanding as to how this should be

accomplished but I'm a bit new to go so if there is a better approach please advise!

Thanks,

John Hare

boxtest.go

unread,

Sep 8, 2015, 12:40:08 AM9/8/15

to golang-nuts

Since posting this I've found an alternate way to accomplish this via an http transport wrapper.

Here's a working example of the wrapper method:

However, this wrapper method seems like a bit of a hack and it would be nice to get some feedback on