Hi, I'm trying to log in a user to Box.com from a webpage. I accomplished the first part with a simple HTML form submit:

<form action="https://www.box.com/api/oauth2/authorize" type="POST" enctype="application/x-www-form-urlencoded">
    <input type="text" name="response_type" value="code">
    <input type="text" name="client_id" value="[REMOVED]">
    <input type="text" name="state" value="vexhax97td8xf_SomeTemporaryValueForTesting">
    <input type="submit">
</form>

This works fine, and I get the authorization code from the query parameters using JavaScript. I then try the same thing to get the access code (the auth-code is set by JavaScript on page load):

<form action="https://app.box.com/api/oauth2/token" type="POST" enctype="application/x-www-form-urlencoded">
    <input type="text" name="grant_type" value="authorization_code">
    <input id="auth-code" type="text" name="code" value="">
    <input type="text" name="client_id" value="[REMOVED]">
    <input type="text" name="client_secret" value="[REMOVED]">
    <input type="submit">
</form>

But I get an "Invalid grant_type parameter or parameter missing" error. Plus, this wouldn't be a good user experience to show the response JSON anyway. I've tried it without the enctype="application/x-www-form-urlencoded" and get the same error.

The Box tutorial does it with curl, which obviously isn't an option on a webpage. How do I get the access token without hitting the "Invalid..." error, and is there a way to do this via JavaScript behind the scenes?

Joels Elf

1 Answer

For the authorization-code to access-token exchange, the "redirect_uri" parameter is missing. But this is not the real problem.

The exchange is supposed to take place on the server side and you are doing it on the client side (browser). Maybe you could do the exchange by an AJAX call to correctly handle the JSON reply, but only if box.com allows CORS (which I doubt).

This way you would also expose your client_id and client_secret on your web page (so why do you hesitate to post it on Stack Overflow?).

Vilmantas Baranauskas