0

I wrote a program in node.js to fetch the access token to call the box apis, unfortunately I am getting an error "invalid_client" which is either "client ID or secret are wrong" as per the documentation. I am pretty sure that both client id and secret are correct since it worked fine for me while doing ajax calls from UI.

Here is the piece of code I am using

{{{
if(queryData && queryData.code) {
    var code = queryData.code;
    var data = {
        "grant_type" : 'authorization_code',
        "client_id" : 'alpha-numeric-id',
        "client_secret" : 'alpha-numeric-secret',
        "code": 'actual-code-given-in-redirect-uri'
    };

    var options = {
        'url': 'https://www.box.com/api/oauth2/token',
        'proxy': 'http://corporate-proxy-url:port',
        'headers': {
            'accept': 'application/json',
            'accept-language': 'en'
        },
        'json': data,
        'timeout': 5000
    };      

    request.post( options, function ( err, response, body ) {
        if ( err ) {
            console.log("====error====");
        } else {
            console.log("====success=====");
            console.log(response.statusCode);
            console.log(body);
        }
    } );
}
}}}

It would be helpful if someone could figure out whats wrong in my code.

Thanks in advance.

Prats
  • 1,745
  • 4
  • 24
  • 28
  • I suspect the values are correct but the request is not in the correct format. – AlexMA Jul 07 '14 at 15:58
  • I am sorry if am wrong, isnt the url to fetch access token is "https://app.box.com/api/oauth2/token". Also, your corporate proxy doesn't need user name and password? if you have considered it already then ignore this point. – Savaratkar Sep 09 '14 at 04:09

1 Answers1

1

Looks like you're hitting the wrong URL: No www.box.com/api for any API calls AFAIK

According to the documentation, it's app.box.com/api/oauth2/authorize? for your first OAuth2 call to do the Authorize and api.box.com/oauth2/token for the Token call, and all subsequent API calls. api.box.com/2.0/

So step 1 : Authorize: 

GET https://app.box.com/api/oauth2/authorize?response_type=code&client_id=MY_CLIENT_ID&state=security_token%3DKnhMJatFipTAnM0nHlZA

Step 1.5 user logs onto Box, and you get called back by Box...

Step 2: Get your token

curl https://app.box.com/api/oauth2/token \
-d 'grant_type=authorization_code&code={your_code}&client_id={your_client_id}&client_secret={your_client_secret}' \
-X POST

Step 3: Call APIs:

curl https://api.box.com/2.0/folders/FOLDER_ID/items?limit=2&offset=0 \
-H "Authorization: Bearer ACCESS_TOKEN"
Peter
  • 2,551
  • 1
  • 14
  • 20