Hi, I'm developing an app with Box integration. The app has only the client part, with no server. I'm not sure which authorization flow should I use, as the Box has only the `code` OAuth flow.
the first concern I have is exposing the 'client secret' code - I need to store is somewhere in a config file. Then there is refreshing the access token - with Box OAuth there is only the refresh token which I assuming is not the right choice for the web app either.
Could you please advice how to achieve safe authorization, ideally with some kind of "silent" refreshing of the access token?
Please sign in to leave a comment.