I was looking at Box's Java SDK at https://github.com/box/box-java-sdk-v2
I saw a sample snippet
String url = "https://www.box.com/api/oauth2/authorize?response_type=code&client_id=" + key + "&redirect_uri=http%3A//localhost%3A" + PORT;
try {
Desktop.getDesktop().browse(java.net.URI.create(url));
code = getCode();
System.out.println("code: " + code);
} catch (IOException e) {
e.printStackTrace();
}
"code" is used to to create "BoxOAuthToken"
This works fine!
My question : "code" has to be generated for every request. This involves launching the browser and having the user authenticate against Box. But what if I want to run this on a Web Server and expose a web-service? I'd like to have the users authenticate from their browser and let the Web Server invoke
BoxFolder boxFolder= client.getFoldersManager().getFolder("0",null);
ArrayList<BoxTypedObject> folderEntries = boxFolder.getItemCollection().getEntries();
and have it return the results to the client/users as JSON.
Any ideas on how this can be achieved?
For now, my Web-Server is directly invoking the APIs (eg. api.box.com/2.0/folders/0) using Apache Commons HTTP and passing the token with the "Authorization" header and that's working. But I was wondering if I could use the SDK.
You do not need to perform an OAuth handshake for every request. The getCode function binds to a socket to get the return call from Box which simulates a traditional handshake.
You can simply change your code to the following:
1) Use whatever you are doing to get the authorization token. This process should also give you a refresh token
2) set your BoxClient with the clientid, client secret, authorization, and refresh.
3) Make the call as you see there.
A couple of notes:
1) The access token is good for 60 minutes. You'll need use the refresh token to generate a new access token after this. The refresh token is good for 60 days. When you get a new access token, you'll get a new refresh token.