In light of the recent box announcement over stricter enforcement of redirect urls, we're trying to update our mobile apps (that use Box's SDKs) to work. We have one mobile app, available on both iOS and Android, and they both use the same OAuth2 client_id.
The situation seems to be:
a. The iOS Box SDK, https://github.com/box/box-ios-sdk, only supports custom scheme urls in the form boxsdk-<clientid>://
b. The Android Box SDK, https://github.com/box/box-android-sdk, does not support custom scheme redirect Uris (i.e. you can't use boxsdk-<clientid>:// urls.
c. The Box developer console only allows one redirect uri to be set per client id
So we seem to be stuck. We can't fix this. What is boxes recommendation to proceed?
The options seems to be:
1) Box update developer console to allow multiple redirect uris
2) Box update one of the mobile SDKs to so that there's a form of redirect uri that will work with both SDKs
3) We change either our iOS or Android app to use a different client id and hence can use a different redirect url - we will presumably forcibly logging out any logged in users as the refresh tokens will not be usable by a different client, I think we may end up with a second marketplace entry for the app, and I'm not sure if there are other considerations, e.g. users will also be required to re-consent to sharing.
Can Box advise how we should proceed please?
Please sign in to leave a comment.