OAuth and Box Web App Integrations
I am building a Box web app integration that requires users to have OAuth access and refresh tokens so that they can make calls to Box. More specifically, when the users click on the three dots beside a file, they can choose my application, and I want them to receive an OAuth token to further interact with Box through API calls.
I have the auth_code being sent back as a callback parameter currently. I know that after I obtain that code I need to exchange it with Box for an actual OAuth access and refresh token. However, in order to make that POST call to retrieve the access and refresh code, I also need to supply the client id and client secret.
From what I understand, because I received the auth_code from the callback parameters, I can skip to step 5 "Getting the Access Token" in the OAuth documentation (I found this information from the directions regarding the auth_code available on the callback parameters page). However, as I previously mentioned, the documentation for obtaining the OAuth code specifies that I need both the client id and the client secret.
How do I obtain this information??
Thank you very much in advance
When you created your app, the page should have told you the client id and client secret. If you need to see them again, you can go back to https://app.box.com/developers/services, open your app, and see them both listed on the page.
Hi, yes I see these fields.
If I use the client id and the client secret provided in my web app integration, what will the permissions be for the user that is given the OAuth access and refresh tokens? i.e. what happens when an enterprise admin uses the web app integration versus a user with only viewer rights?
Does the OAuth token uphold those permissions or is the only possibility to use the web app's own client secret and id?
I am sorry if I am misunderstanding here.
Thank you very much!