I'm using the 3.0.0.201609092037 version (the latest one) of the Box connector as I don't find any documentation or sample code to get the refresh token, I wrote my own flow to get it.
I achieve to execute the Authorize action with the connector and then my intension is to send a request to Box API to this url: https://api.box.com/oauth2/token in order to get an access_token and also a refresh_token (I got the API info from here https://docs.box.com/reference#token).
The problem is, once my flow has been authorized and I get access_code, and I'm using it to send it to Box I always am receiving this:
{
"error": "invalid_grant",
"error_description": "The authorization code has expired"
}
I checked all the information and I it suppose to be good, the response I'm expecting is:
{
"access_token": "T9cE5asGnuyYCCqIZFoWjFHvNbvVqHjl",
"expires_in": 3600,
"restricted_to": [],
"token_type": "bearer",
"refresh_token": "J7rxTiWOHMoSC1isKZKBZWizoRXjkQzig5C6jFgCVJ9bUnsUfGMinKBDLZWP9BgR"
}
So I'll be able to store those properties and refresh the token if is needed.
Here how my flow looks like:
and Here my XML definition:
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:dw="http://www.mulesoft.org/schema/mule/ee/dw" xmlns:scripting="http://www.mulesoft.org/schema/mule/scripting" xmlns:tls="http://www.mulesoft.org/schema/mule/tls" xmlns:json="http://www.mulesoft.org/schema/mule/json" xmlns:objectstore="http://www.mulesoft.org/schema/mule/objectstore" xmlns:http="http://www.mulesoft.org/schema/mule/http" xmlns:tracking="http://www.mulesoft.org/schema/mule/ee/tracking" xmlns:box="http://www.mulesoft.org/schema/mule/box" xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/box http://www.mulesoft.org/schema/mule/box/current/mule-box.xsd
http://www.mulesoft.org/schema/mule/ee/tracking http://www.mulesoft.org/schema/mule/ee/tracking/current/mule-tracking-ee.xsd
http://www.mulesoft.org/schema/mule/objectstore http://www.mulesoft.org/schema/mule/objectstore/current/mule-objectstore.xsd
http://www.mulesoft.org/schema/mule/json http://www.mulesoft.org/schema/mule/json/current/mule-json.xsd
http://www.mulesoft.org/schema/mule/ee/dw http://www.mulesoft.org/schema/mule/ee/dw/current/dw.xsd
http://www.mulesoft.org/schema/mule/scripting http://www.mulesoft.org/schema/mule/scripting/current/mule-scripting.xsd
http://www.mulesoft.org/schema/mule/tls http://www.mulesoft.org/schema/mule/tls/current/mule-tls.xsd">
<http:listener-config name="HTTP_Listener_Configuration" host="0.0.0.0" port="8081" doc:name="HTTP Listener Configuration" protocol="HTTPS">
<tls:context>
<tls:key-store type="jks" path="OBKeytore.jks" keyPassword="password" password="password"/>
</tls:context>
</http:listener-config>
<box:config-with-oauth name="Box__OAuth_2_0" clientId="my_client_id" clientSecret="My_secret" doc:name="Box: OAuth 2.0">
<box:oauth-callback-config domain="localhost" localPort="8081" remotePort="8081" path="callback" connector-ref="HTTP_Listener_Configuration"/>
<box:oauth-store-config objectStore-ref="_defaultInMemoryObjectStore"/>
</box:config-with-oauth>
<objectstore:config name="ObjectStore__Connector" partition="BoxAccessToken" persistent="true" doc:name="ObjectStore: Connector"/>
<http:request-config name="HTTP_Request_Configuration" host="api.box.com" port="443" basePath="/oauth2/" doc:name="HTTP Request Configuration" protocol="HTTPS"/>
<tls:context name="TLS_Context" doc:name="TLS Context">
<tls:trust-store path="OBKeytore.jks" password="password" type="jks"/>
<tls:key-store type="jks" path="OBKeystore.jks" keyPassword="password" password="password"/>
</tls:context>
<flow name="Authorize">
<http:listener config-ref="HTTP_Listener_Configuration" path="/authorize" doc:name="HTTP"/>
<box:authorize config-ref="Box__OAuth_2_0" doc:name="Box"/>
<flow-ref name="GenerateAcessToken" doc:name="GenerateAcessToken"/>
</flow>
<flow name="GenerateAcessToken">
<logger message="Acess Token: #[flowVars['_oauthVerifier']]" level="INFO" doc:name="Logger"/>
<set-payload value="#[[
'grant_type' :'authorization_code',
'code':flowVars['_oauthVerifier'],
'client_id':'my_client_id',
'client_secret':'my_secret'
]]" doc:name="Set Payload"/>
<http:request config-ref="HTTP_Request_Configuration" path="token" method="POST" doc:name="HTTP">
<http:success-status-code-validator values="200,400"/>
</http:request>
<object-to-string-transformer doc:name="Object to String"/>
<logger message="#[payload]" level="INFO" doc:name="Logger"/>
<catch-exception-strategy doc:name="Catch Exception Strategy">
<object-to-string-transformer doc:name="Object to String"/>
<logger message="#[payload]" level="INFO" doc:name="Logger"/>
</catch-exception-strategy>
</flow>
</mule>
I have to mention that I already tried to use POSTMAN with the same params, replacing the code (as far I know it is valid for 30 secs) and getting the same response.
Here some more information:
Anypoint Studio version: 6.1.1 Server Runtime: 3.8.1 EE
It sounds like the OAuth authorization configuration of the HTTP requester might be required as described for a Mule Server trying to access the resources that belong to a Box user and that are held in a Box server: https://docs.mulesoft.com/mule-user-guide/v/3.8/authentication-in-http-requests
http://mulesoft.github.io/box-connector/3.0.0/apidocs/box-apidoc.html#_oauth_2_0_server_to_server and this example of managing OAuth tokens that uses Box as an example might be worth a look if you haven't seen it.