Child pages
  • Box OAuth 2 Question
Skip to end of metadata
Go to start of metadata


we are trying to automate a file upload from Emory to  The issue we are facing is how to get the access token from

Procedure to Get Key and Secret

Following the procedure listed here

1) Get a account

2) Register my application at here 

3) Select the scope, and Click "Create Application"

4) Click "Configure your Application" and Copy client_id and client_secret to  Fill in redirect_uri with http://localhost:4000 and save the configuration.

HelloWorld Success

We were able to follow the instruction at to complete the example.  Here are the result of a test run:






Output from the console:

GET /?state=&code=3dyxPDLa4i1zhkLyOtMd9T0rf8ejciTV HTTP/1.1

i:0, Type:folder, Id:2624015203, Name:TestFolder


However, HelloWorld example requires User intervention.  OAuth 2 protocol is supposedly to support grant_type=password such that Applications can get an access token by sending a username and password directly.  However, we were unable to.

Output from the console:


HTTP/1.1 200 OK

Response content length: -1

<!DOCTYPE html>


<html lang="en-US">



  window.location.href = "http://localhost:4000?error=invalid_request&error_description=Invalid+or+missing+response+type.";








Answer to this issue is that box does not fully support this OAuth 2 protocol.  Automatic authentication is achieved by using secret_key etc and login/password the first time, get the refresh token, then update the refresh_token every time you use it since it can only be used once.  The source code on the project will tell you precisely how this is achieved.

Working project source code is at subversion emoryoit/project/emory-recorddump-service


  • No labels