Hi, Box.com recently sent me the advice below, and I’d like to understand if this will cause your plugin to break and/or whether an update will be published if needed?
Dear Box Admin,
Per our records, you are using the Box Server-server JWT Token Authentication method. This method involves an access token.
This notification only applies to Server-server JWT tokens. If you are using Client-side OAuth 2.0, Server-side App tokens or Developer tokens, there is no impact to you. You can find an overview of these 4 different authentication methods here.
The documentation for the token says that we will return a token as a string. This continues to hold true. However, Box is changing the format of this token. Today, the token might look like this: UkUzkxcbyooZteXbjvnBctAA4kERGdBh
We are changing the format so that the token might look like the string below. The new token format is longer and has special characters.
1!yxxhRreQCKcEbC_ZfYvPudyLe7Ed36gIQcqqZo2pfaVZyxNBkQjoHk0fgA1iTY3_uwXgif-hg-gneaUdLRmGCb2He6tyQ_rA8aV-CllTyBbd9Tx-wU6Fnt4Df9XjzBAk8Dj7RYc1Ew_fcY2vfycpCvjwHLgqljzjEpVIrOpOlK_2AyP5FExzn0x7DtbkaGc6avJU8UMQd_huXoJ7CnXIL_JBzVrW4D32pBLQ2AZIuecOZNMIy9T8PdUiZIG6xKEPqYmm21mQHEM0d7dT5foSBtjm65-Ah2tb2MdSGFb1G1O24vz2GmYFgmIe5UOolqYIGg-0u2xQPC3F76WiNCiU_TP1JDQYi3HKaos807WkRtnBY5Vd-VAbY9DH-Qo3u1EiB0RFr4cht2N7VB99y-379IEYzCojL2V58dE_pBxpRMv4KcOLVsUfDkbx3uo34H4UzOycI_IWGWrhVJD4M7GeLeD_5VkmjfbwYl2CmHdXAKbZKtXTHjzB0CZixZriT_wRUpsN8GTrrxGbx9ukgzJWRJwelGZ_1Yx7vP4Zkx3OfR5Be-Tso7xdHd9rW0FXsu024U7dMNuQ6kpP1_kJI2Y
Please note that this is not a new format. This is the same format we use for
downscoping tokens. This new format will help Box scale this authorization service and as a result your API calls will be faster.
We will start deploying this change on August 4, 2021. In the meantime, we encourage you to validate that your applications can handle the new token format. The new tokens are in the same format as those used for downscoping Box tokens. You can create a new access token and then downscope it. If you are able to store the downscoped tokens successfully, you will also be able to store the new JWT token format and this means no changes are required from your end.
If you need any assistance in this, please reach out to jwt-set-rollout@box.com and we will be happy to help.
Sincerely,
The Box Team