I am building a Box web app integration that requires users to have OAuth access and refresh tokens so that they can make calls to Box. More specifically, when the users click on the three dots beside a file, they can choose my application, and I want them to receive an OAuth token to further interact with Box through API calls.
I have the auth_code being sent back as a callback parameter currently. I know that after I obtain that code I need to exchange it with Box for an actual OAuth access and refresh token. However, in order to make that POST call to retrieve the access and refresh code, I also need to supply the client id and client secret.
From what I understand, because I received the auth_code from the callback parameters, I can skip to step 5 "Getting the Access Token" in the OAuth documentation (I found this information from the directions regarding the auth_code available on the callback parameters page). However, as I previously mentioned, the documentation for obtaining the OAuth code specifies that I need both the client id and the client secret.
How do I obtain this information??
Thank you very much in advance