Join BoxWorks in San Francisco Nov 12-13! Keynotes, product demos, and Box Master Classes. Reserve your spot!

Authentication with OAuth2 Guide Java

New post

Comments

8 comments

  • mwiller

     In this example, the `res.redirect()` and `get()` methods represent the Java web server redirecting the user to a specific URL, and handling a specific route (GET /return), respectively.  Depending on exactly what web server framework you're using, you may need to use different code to accomplish the same thing.

     

    0
    Comment actions Permalink
  • bkhane

    I'm new to programming and I don't really know a way to implement the authentication now.

    I've looked it up but I'm not finding any sample code for the OAuth User authentication. 

    Could someone who implemented the OAuth 2.0 share a working code example so I can try to understand it from there?

    0
    Comment actions Permalink
  • ericzz

    worse documentation ever, I had same problem.

    0
    Comment actions Permalink
  • vmaker

    Thanks for your feedback. Keep an eye out for Java sample apps that should help with what you're trying to accomplish!

    0
    Comment actions Permalink
  • kavyashree

    Hi,  I need to authenticate and grant access to app using api in java. None of the sample shows how to authorize and user and get an authorization code in java for box... Could you guys please share any sample code for invoking authorize api in java.

    Thanks in advance.

    0
    Comment actions Permalink
  • chadderack

    I think the misunderstandings come from people trying to implement a desktop or desktop-like application that can receive an auth code and continue from there.

    I have a similar open question, but using Box.v2 for .NET. There doesn't seem to be a way to receive an auth code from BOX unless it comes from a redirect URL.

     

    In other words, the Box API will send an auth code to a URL that YOU SPECIFY. This means you need some kind of web service endpoint to pick up the call so you can take the auth code and create an OAuth2 session with it.

    Because your desktop application doesn't have a web endpoint (or can't listen to that web endpoint) you can't really pick up the redirect URL call from Box (unless your application implements some sort of web server).

     

    I wish BOX would provide a way to use an async event (from C#, in my case) that would return the auth code so that we could keep our application on the desktop and not be forced to implement it as a web application.


    Chad.

    0
    Comment actions Permalink
  • mwiller

     The typical ways I've seen this handled for desktop applications is to use either a webview controlled by the application, or have a redirect URL scheme that the application can receive directly.  Neither of these requires a web service to complete the OAuth2 flow; you should be able to use either depending on how your application is built.

     

    If your application can create a web view that it controls, you can use it to load the authorize page URL that you world normally redirect a user to.  In this scenario, your app can use a redirect URL like "http://example.com" or "http://localhost/"; when the web view is redirected to that URL with the auth code, you should be able to get the URL from the web view and parse the auth code out of the query parameters (e.g "http://example.com/?code= code>").

     

    Another option is to do what apps like Slack do, and register your application to handle a URL scheme like "yourapp://".  Then, if you set your app's redirect URL to something like "yourapp://authenticate", when the user finishes entering their credentials they will be redirected to your app, which will receive the auth code directly in the loaded URL with the custom scheme (e.g. "yourapp://authenticate?code=").

     

    Hopefully that helps!  The important takeaway here is that yes, Box will redirect to whatever URL you specify.  However, that URL does not need to point to a web service — it can point to your desktop application via a custom scheme, or can point to a dummy URL to allow the controlling client process to just read the URL from a web view.

    0
    Comment actions Permalink
  • chadderack

    Thanks  . There's some network magic going on there that I'm not qualified to implement. The engineer in me wonders how the Box server (somewhere far away) can resolve the location of a process (on my local machine) when all I provide to it is http://example or something.

    Thank you for the explanation. I'll have to try it out next time.


    Best,

    Chad.

    0
    Comment actions Permalink

Please sign in to leave a comment.