Child pages
  • Box OAuth 2 Question
Skip to end of metadata
Go to start of metadata

Introduction

we are trying to automate a file upload from Emory to box.com.  The issue we are facing is how to get the access token from box.com.

Procedure to Get Key and Secret

Following the procedure listed here https://developers.box.com/oauth/.

1) Get a box.com account

2) Register my application at here 

3) Select the scope, and Click "Create Application"

4) Click "Configure your Application" and Copy client_id and client_secret to HelloWorld.java.  Fill in redirect_uri with http://localhost:4000 and save the configuration.

HelloWorld Success

We were able to follow the instruction at https://developers.box.com/oauth/ to complete the HelloWorld.java example.  Here are the result of a test run:

 

 

 

 

 

Output from the console:

GET /?state=&code=3dyxPDLa4i1zhkLyOtMd9T0rf8ejciTV HTTP/1.1

i:0, Type:folder, Id:2624015203, Name:TestFolder

Issues

However, HelloWorld example requires User intervention.  OAuth 2 protocol is supposedly to support grant_type=password such that Applications can get an access token by sending a username and password directly.  However, we were unable to.

Output from the console:

----------------------------------------

HTTP/1.1 200 OK

Response content length: -1

<!DOCTYPE html>

 

<html lang="en-US">

 <head>

  <script>

  window.location.href = "http://localhost:4000?error=invalid_request&error_description=Invalid+or+missing+response+type.";

  </script>

  </head>

 <body>

 </body>

</html>

 

Answer

Answer to this issue is that box does not fully support this OAuth 2 protocol.  Automatic authentication is achieved by using secret_key etc and login/password the first time, get the refresh token, then update the refresh_token every time you use it since it can only be used once.  The source code on the project will tell you precisely how this is achieved.

Working project source code is at subversion emoryoit/project/emory-recorddump-service

 

  • No labels