[Box Connector] CheckAndRefreshBoxAuthentication raising NoBoxAuthorizationCodeException

Forge Component
Published on 2018-12-04 by OutSystems R&D
7 votes
Published on 2018-12-04 by OutSystems R&D

Good afternoon!

As mentioned in the CheckAndRefreshBoxAuthentication description, it will raise a NoBoxAuthorizationCodeException if no authorization code is set. However, the Box API does not seem to require an authorization code in order to refresh an existing access token (and it seems like the OAuth2_Token implementation would handle a missing authorization code correctly by not attempting to pass it to the Box endpoint).

My question is therefore: is there any reason for raising a NoBoxAuthorizationCodeException or is it just an oversight?

Can you please explain with screen prints?? Also please provide what do you want to achieve. 

What I want to achieve is to link my users to Box accounts by storing their refresh tokens in the database, and then use the refresh tokens to retrieve new access tokens without having to pass the users through the Box OAuth flow after each re-log.

I expected to be able to achieve this by setting the refresh token and the using CheckAndRefreshBoxAuthentication to get a new access token. However, as shown in the attached screenshot, CheckAndRefreshBoxAuthentication will throw an exception if no authorization code is set - even though the authorization code is not required after the initial retrieval of a refresh token (a workaround is to set authorization_code to any non-empty string, as the authorization code isn't actually used for anything).