Authentication with OAuth2 Guide Java

Follow

New post

bkhane

• December 17, 2018 06:09

Currently using the Box Guide "Authenticate with OAuth 2" with java

import org.bouncycastle.math.ec.ECCurve.Config;
import zero**removed**.config;
import com.box.sdk.BoxAPIConnection;
import com.box.sdk.BoxFolder;
import com.box.sdk.BoxItem;

public class auth {

	public static void main(String[] args) {
		// TODO Auto-generated method stub
		
		// Redirect user to login with Box
		String box_redirect = config.box_redirect
		  + "?response_type=code"
		  + "&client_id=" + config.client_id 
		  + "&redirect_uri=" + config.redirect_uri;

		
		res.redirect(box_redirect);   //res cannot be resolved 

		
		 get("/return", (req, res) -> {  //method not applicable for given arguments
			  // Capture auth code 
			  String code = req.queryParams("code");  
			        		
			  // Instantiate new Box API connection object
			  BoxAPIConnection client = new BoxAPIConnection(Config.client_id, Config.client_secret, code);
			   
			  // PERFORM API ACTIONS WITH CLIENT
			});

		
		
		
		
		}
		
	}

}

What does res stand for and how are the arguments for the get method defined.

beginner friendly answer please

thanks in advance  and kind regards

0

• 

  mwiller

  • December 17, 2018 10:19

   In this example, the `res.redirect()` and `get()` methods represent the Java web server redirecting the user to a specific URL, and handling a specific route (GET /return), respectively.  Depending on exactly what web server framework you're using, you may need to use different code to accomplish the same thing.

   

  0

  Comment actions Permalink
• 

  bkhane

  • December 26, 2018 00:51

  I'm new to programming and I don't really know a way to implement the authentication now.

  I've looked it up but I'm not finding any sample code for the OAuth User authentication. 

  Could someone who implemented the OAuth 2.0 share a working code example so I can try to understand it from there?

  0

  Comment actions Permalink
• 

  ericzz

  • March 06, 2019 14:24

  worse documentation ever, I had same problem.

  0

  Comment actions Permalink
• 

  vmaker

  • March 15, 2019 15:52

  Thanks for your feedback. Keep an eye out for Java sample apps that should help with what you're trying to accomplish!

  0

  Comment actions Permalink
• 

  kavyashree

  • March 27, 2019 23:18

  Hi,  I need to authenticate and grant access to app using api in java. None of the sample shows how to authorize and user and get an authorization code in java for box... Could you guys please share any sample code for invoking authorize api in java.

  Thanks in advance.

  0

  Comment actions Permalink
• 

  chadderack

  • July 06, 2019 15:19

  I think the misunderstandings come from people trying to implement a desktop or desktop-like application that can receive an auth code and continue from there.
  
  I have a similar open question, but using Box.v2 for .NET. There doesn't seem to be a way to receive an auth code from BOX unless it comes from a redirect URL.

   

  In other words, the Box API will send an auth code to a URL that YOU SPECIFY. This means you need some kind of web service endpoint to pick up the call so you can take the auth code and create an OAuth2 session with it.
  
  Because your desktop application doesn't have a web endpoint (or can't listen to that web endpoint) you can't really pick up the redirect URL call from Box (unless your application implements some sort of web server).

   

  I wish BOX would provide a way to use an async event (from C#, in my case) that would return the auth code so that we could keep our application on the desktop and not be forced to implement it as a web application.
  
  
  Chad.

  0

  Comment actions Permalink
• 

  mwiller

  • July 08, 2019 09:34

   The typical ways I've seen this handled for desktop applications is to use either a webview controlled by the application, or have a redirect URL scheme that the application can receive directly.  Neither of these requires a web service to complete the OAuth2 flow; you should be able to use either depending on how your application is built.

   

  If your application can create a web view that it controls, you can use it to load the authorize page URL that you world normally redirect a user to.  In this scenario, your app can use a redirect URL like "http://example.com" or "http://localhost/"; when the web view is redirected to that URL with the auth code, you should be able to get the URL from the web view and parse the auth code out of the query parameters (e.g "http://example.com/?code= code>").

   

  Another option is to do what apps like Slack do, and register your application to handle a URL scheme like "yourapp://".  Then, if you set your app's redirect URL to something like "yourapp://authenticate", when the user finishes entering their credentials they will be redirected to your app, which will receive the auth code directly in the loaded URL with the custom scheme (e.g. "yourapp://authenticate?code=").

   

  Hopefully that helps!  The important takeaway here is that yes, Box will redirect to whatever URL you specify.  However, that URL does not need to point to a web service — it can point to your desktop application via a custom scheme, or can point to a dummy URL to allow the controlling client process to just read the URL from a web view.

  0

  Comment actions Permalink
• 

  chadderack

  • July 09, 2019 17:22

  Thanks  . There's some network magic going on there that I'm not qualified to implement. The engineer in me wonders how the Box server (somewhere far away) can resolve the location of a process (on my local machine) when all I provide to it is http://example or something.
  
  Thank you for the explanation. I'll have to try it out next time.
  
  
  Best,

  Chad.

  0

  Comment actions Permalink

Please sign in to leave a comment.