Maintaining Box refresh / access tokens in a disrtibuted system

Question

We have multiple servers that access Box, so we turn off auto-refresh.

connect.setMaxRequestAttempts(1);
connect.setAutoRefresh(false);

Assumptions gathered from unit tests:

• Previous access tokens < 1hr old can still be used for access
• A token pair can be refreshed multiple times, as long as a newer token pair has not been used for access.

Given that, it appears you can have multiple readers with one writer updating the token pair, even if a reader gets the previous token pair, it should be fine (for access).

We ensure that only one thread in the system updates the tokens, but yet are having issues with 401 errors in spite of locking down the token updates. It seems there something wrong with the assumptions above.

Answer 1

你的假设很接近。这是预期的行为：

• 除非请求新令牌，否则令牌有效期为一小时 用过的。
• 如果请求但未使用新令牌，则旧令牌为 仍然有效（假设它不到一个小时）。
• 如果请求并使用了新令牌，则旧令牌为 无效。