OAuth2 Authentication auth_url not working
Hi I am currently trying to Authenticate box. I am following the readme page found on github. When running the script on powershell, the script does not automatically redirecting me to the auth_url site. I have to copy and paste the link onto a browser to accept/deny access.
Next, I am getting an issue on the following lines of code:
" assert 'THE_CSRF_TOKEN_YOU_GOT' == csrf_token
access_token, refresh_token = oauth.authenticate('YOUR_AUTH_CODE') "
I copied this from the Readme page, what is "THE_CSRF_TOKEN_YOU_GOT"? Where and how do you get this token?
Thank you,
Alan
Code:
from boxsdk import OAuth2
from boxsdk import Client
global csrf_token
#create OAuth client & csrf token
client_ID = "client_id"
client_SECRET = "client_secret"
oauth = OAuth2(
client_id=client_ID,
client_secret=client_SECRET,
)
auth_url, csrf_token = oauth.get_authorization_url('REDIRECT_URL')
print(csrf_token)
#copy and paste link to web browser
print(auth_url)
assert 'THE_CSRF_TOKEN_YOU_GOT' == csrf_token
access_token, refresh_token = oauth.authenticate('YOUR_AUTH_CODE')
-
Hi ,
Happy to see if I can help here. There are a few items I should address here:
- Redirect: If your working strictly with OAuth 2, and not JWT / OAuth 2, then you're right, you'll have to have a browser component in place to redirect the user to Box to log in and approve the application permissions. If you switch to using JWT you won't have to go through that process. Here's info on the JWT app setup in case you want to take a look - it might be better for your use case.
- CSRF token: This is a random value that you pass through from the first step of the OAuth 2 process, which passes through the redirect / approval, and is provided back to you when you exchange the code parameter you get for an access token. This is a value that you set, and can be any string you'd like. The Python examples in this guide will walk you through those steps.
Hope that helps,
Jon
Please sign in to leave a comment.
Comments
1 comment