How to invalidate a downscoped token generated by SDK?

The generate downscoped token is valid for almost one hour. Let’s say i want to invalidate token after 20 minutes(Logout usecase).

I am getting the following error,
The API returned an error code
{“error”:“invalid_request”,“error_description”:“The client is invalid”}

The following specified code is not working.
box-java-sdk/doc/ at main · box/box-java-sdk · GitHub

Is there any other way, we can achieve this functionality ?


I’m only guessing, as there is no code sample provided, that client used to revoke token was created without setting clientId and clientSecret. If you configure that all should work as expected:

public class DownscopedToken {
  public static void main(String[] args) {
    var api = ... // create your API connection

    List<String> scopes = new ArrayList<String>();
    var downscopedToken = api.getLowerScopedToken(scopes, "");

    // is you just use new BoxAPIConnection(downscopedToken.getAccessToken()) this will fails with `invalid_request - The client is invalid`
    var downscopedApiConnection = new BoxAPIConnection(api.getClientID(), api.getClientSecret(), downscopedToken.getAccessToken(), null);
  // success token is invalid

HI @kberdychowski, Thanks for the snippet. It is working fine.