Using the new OAuth 2 in Box

Question

I'm trying to use the new Box authentication API with OAuth. I would like to use the credential of the the box account I'm currently using to authorize my application.

The configuration of OAuth requests a redirection URI and I don't know what must be entered there. In the previous authentication method, the following URI was given http://www.box.net/api/1.0/auth/{ticket}, but this was done after getting the authentication ticket.

I'm new to OAuth so my question may be a bit obvious... but I'd like to know how to do the authentication with the credentials of a box account user.

I'm doing this in a Windows application, so I would also like to understand how to show the response from the request.

John117 · Answer 1 · 2013-09-07T12:18:38.190

When I was searching around for answers on creating a Box.net application for desktop trying to get the login authentication took more than that it really should have...

So I decided to put together an article on my website that talks through the process of creating a C# .Net 4.0 desktop application that can login and work with their SDK. This is using their new OAuth 2.0 login system.

Firstly we send the initial web request using a standard HttpWebRequest object to get the UI web page for the OAuth 2.0 login. Once the web response has been returned, we convert it into a Stream for our web-browser to consume. The redirect URI can be any HTTPS based URI.

string baseURI = "https://www.box.com/api/oauth2/authorize?";
string responseType = "&response_type=code";
string clientId = "&client_id=YOUR OWN CLIENT ID";
string redirectURI = "&redirect_uri=https://app.box.com/services/poc_connector"; 

var targetUri = new Uri(baseURI + responseType + clientId + redirectURI);
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(targetUri);

To inject the Stream into the web-browser control we use the document property

webBrowser1.DocumentStream = view;

Once that is done all the operations by the user are handled by the web-browser control. To capture the Authentication token when the user presses the "Grant access" button. We add an event listener for the web-browsers Navigated event.

private void webBrowser1_Navigated(object sender, WebBrowserNavigatedEventArgs e)
{
    if (e.Url.AbsolutePath != "blank" && e.Url.ToString().Contains("&code="))
    {
        Token = e.Url.ToString().Substring(e.Url.ToString().IndexOf("&code="));
        Token = Token.Replace("&code=", String.Empty);
        this.Close();
    }
}

Link my original article and source code: link

Note that [link-only answers](http://meta.stackoverflow.com/tags/link-only-answers/info) are discouraged, SO answers should be the end-point of a search for a solution (vs. yet another stopover of references, which tend to get stale over time). Please consider adding a stand-alone synopsis here, keeping the link as a reference. — kleopatra, Sep 07 '13 at 10:21

score 1 · Answer 2 · answered Dec 15 '12 at 21:22

1

The first step in the OAuth 2 process is sending the user to https://api.box.com/oauth2/authorize with response_type and client_id as parameters of the request. The redirect URL will be the same as what you set in V1. If you client_id was 123456, for example, you could direct the user to

https://api.box.com/oauth2/authorize?response_type=code&client_id=123456

See here for more info.

answered Dec 15 '12 at 21:22

seanrose

8,185
3
20
21

Sorry but I don't understand at all the documentation. In auth V1 I'm not using any redirect URL. I just get a ticket and call http://www.box.net/api/1.0/auth with the ticket. – user1466502 Dec 20 '12 at 14:16
1

Sorry but I don't understand at all the documentation. In auth V1 I'm not using any redirect URL. I just get a ticket and call http://www.box.net/api/1.0/auth with the ticket. I tried to put https://www.box.net/api/1.0/auth as OAuth needs a https URL but if I call https://api.box.com/oauth2/authorize?response_type=code&client_id={My client ID}, I get the Error: invalid_client. From what I can see the client_id is the same value as the V1 api_key, so as it works with the auth V1, I'm stuck with OAuth. If someone has a concrete example to login to a simple box account, highly appreciated! – user1466502 Dec 20 '12 at 14:27
1

@user1466502, your application desktop or web? Try set as redirect_uri any https URL (does not even exist). After input login/pwd data and allow action you get response from box.com, that will contain redirect by default to box.com, but also have in response body some tag (If I do not mistake: iframe) with your URL and code value – Yura Shinkarev Dec 25 '12 at 22:23
3

Why developers are forced to use such dirty hacks to simply authenticate to the API? Shouldn't there be any simpler way? – afrish Mar 14 '13 at 23:00

Using the new OAuth 2 in Box

2 Answers2