OAuth out-of-band (OOB) authentication

I am trying to do the "OAuth dance" using out-of-band authentication and I am running into a problem. 

Out-of-band authentication is implemented by Google, Microsoft, and others, to help with difficulties in OAuth authentication. Here is a writeup of the process using my motivation.

When creating the app to access the API, you provide a special string for the redirect URL: "urn:ietf:wg:oauth:2.0:oob". When I provide this string as the redirect URL on the Box app, I am told that this is not a valid URL.

I suspect that out-of-band authentication is not supported by Box - could it be?

If it already is, I will welcome some instruction.

Thanks!