Authorize user API with "ip" like parameters in URI will result in 403 forbidden
According to the "Authorize user" API document, the "state" may contain a "custom string of your choice."
Recently we found out that when sending the request with "ip"-like parameters in the URL, we get 403 Forbidden. For example:
https://account.box.com/api/oauth2/authorize?response_type=code&state=http://8.8.8.8
We need the IP-like value in the parameter to identify and verify a user on redirect.
Please help check this issue. Thank you!
-
Rona We have noticed that there's another post similar to this issue after we posted this one:
https://support.box.com/hc/en-us/community/posts/16198848730771-OAuth2-0-Authorization-URL-returns-403-Forbidden-
However, we found out that we are not looped in on the support case, so we do not know about the investigation progress.
Is it possible to notify us about the progress if there are any updates? (or loop us in on the case)
Or create another case so that we can join the investigation. Thank you.