
Box App Provisioning (REST) - Access Token Expiration Issue

amanmalakar007
New Contributor III

Hi Saviynt family,

TL;DR: Box App's access token expires every 60 minutes. Occasionally, a Box API call takes longer than 60 minutes to respond, causing the token to expire while waiting for the response. This results in an "invalid_token" error, the connection closing, and the task failing. We need a solution to re-invoke ConnectionJSON midway to refresh the access token.

Detailed Scenario:

We have a requirement to deprovision a user's Box account. First, we archive the user's Box files to an admin folder, and then we delete the account once the archival is successful.

Typically, the Box API responds quickly, usually within a few seconds. However, if a user has a substantial amount of data (in terabytes) stored in their Box Cloud Drive, the API responsible for archiving those files may take longer than 60 minutes to respond. In such cases, the access token expires, resulting in the "invalid_token - The access token provided is invalid" error in the Saviynt logs.

We encountered this exact same issue discussed in this Saviynt forums thread: click here 

We have tried the suggested solution from that thread (i.e., adding 'retryFailureStatusCode' to ConnectionJSON), but the issue still persists. We need Saviynt to recognize that the access token expires after 60 minutes and refresh it midway, so that Box doesn’t return the "invalid_token" error and the connection remains active.

I am attaching the ConnectionJSON that we are using right now:

{
    "authentications": {
        "userAuth": {
            "authType": "oauth2",
            "url": "https://api.box.com/oauth2/token",
            "httpMethod": "POST",
            "httpParams": {
                "client_id": "xxxxxxxx",
                "client_secret": "xxxxxxxx",
                "grant_type": "refresh_token",
                "refresh_token": "${refresh_token}"
            },
            "httpHeaders": {
                "Content-Type": "application/x-www-form-urlencoded"
            },
            "httpContentType": "application/x-www-form-urlencoded",
            "expiryError": "ExpiredAuthenticationToken",
            "authError": [
                "USER_AUTHENTICATION_FAILED",
                "invalid_token",
                "PARTNER_AUTHENTICATION_FAILED",
                "AuthenticationFailed"
            ],
            "refreshType": "RefreshToken",
            "refreshTokenResponsePath": "refresh_token",
            "refreshToken": "xxxxxxxxxx",
            "timeOutError": "Read timed out",
            "errorPath": "errorCode",
            "maxRefreshTryCount": 5,
            "tokenResponsePath": "access_token",
            "tokenType": "Bearer",
            "retryFailureStatusCode": [401,400],
            "accessToken": "Bearer xxxxxxxxxxx"
        }
    }
}

Error from Saviynt logs:

DEBUG rest.RestProvisioningService - Got Webservice API Response: [headers:[date: Wed, 23 Oct 2024 12:59:37 GMT, x-envoy-upstream-service-time: 3, strict-transport-security: max-age=31536000, www-authenticate: Bearer realm="Service", error="invalid_token", error_description="The access token provided is invalid.", box-request-id: xxxxxxxxxxxxxxxxxxxxxxxx, via: 1.1 google, Content-Length: 0, Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000], responseText:, cookies:[], statusCode:401]

We seek your help to provide us with a solution to this problem. Thank you in advance!

Regards,

Aman Malakar.
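The refresh-on-401 behaviour requested above, as an added example that is not part of the original post and is not Saviynt's connector code: it parses the `WWW-Authenticate` challenge in the form shown in the log, exchanges the refresh token, keeps the rotated refresh token, and retries once. `TokenSession`, `send`, `post_token` and the `at-*`/`rt-*` values are constructed stand-ins for the real HTTP calls and tokens.

```python
import re

def parse_bearer_challenge(header):
    """Return the auth-params of an RFC 6750 Bearer challenge as a dict."""
    if not header or not header.lower().startswith("bearer"):
        return {}
    return dict(re.findall(r'(\w+)="([^"]*)"', header))

class TokenSession:
    """Holds the current token pair; refreshes and retries once on invalid_token."""
    def __init__(self, access_token, refresh_token, post_token, max_refresh=5):
        self.access_token = access_token
        self.refresh_token = refresh_token
        self.post_token = post_token    # hypothetical callable(form) -> token JSON
        self.max_refresh = max_refresh  # same role as maxRefreshTryCount in the post
        self.refresh_count = 0

    def refresh(self):
        if self.refresh_count >= self.max_refresh:
            raise RuntimeError("refresh limit reached")
        self.refresh_count += 1
        # Assumption: post_token adds client_id/client_secret from a secret store.
        body = self.post_token({"grant_type": "refresh_token",
                                "refresh_token": self.refresh_token})
        self.access_token = body["access_token"]
        # Persist the rotated refresh token when one is returned.
        self.refresh_token = body.get("refresh_token", self.refresh_token)

    def call(self, send):
        """send: callable(headers) -> (status, response_headers)."""
        for attempt in range(2):
            status, headers = send({"Authorization": "Bearer " + self.access_token})
            challenge = parse_bearer_challenge(headers.get("www-authenticate"))
            if attempt == 0 and status == 401 and challenge.get("error") == "invalid_token":
                self.refresh()
                continue
            return status, headers

# Constructed stand-ins for the token endpoint and the API (no network access).
def fake_post_token(form):
    n = int(form["refresh_token"].split("-")[1]) + 1
    return {"access_token": f"at-{n}", "refresh_token": f"rt-{n}"}

def fake_send(headers):
    if headers["Authorization"] == "Bearer at-1":  # at-1 plays the expired token
        return 401, {"www-authenticate": 'Bearer realm="Service", error="invalid_token", '
                     'error_description="The access token provided is invalid."'}
    return 200, {}
```

The retry re-sends the whole request, so this pattern only suits calls that are safe to repeat.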

 
