OAuth2 via script: python3 urllib.request.Request(auth_url) not working

I'm trying to use box's API to access public files (provided by my
local police department).  I've established a box application to do
this, have its credentials, and am now writing a python3 app using
boxsdk, following the documentation here:
https://developer.box.com/docs/authenticate-with-oauth-2

>> CurrOAuth = boxsdk.OAuth2(
        client_id = myCID,
        client_secret = mySecret,
    )
>> auth_url, csrf_token = CurrOAuth.get_authorization_url('https://app.box.com')

So far so good.  But i must be interpretting your instructions for
Step 2, redirecting the user,  incorrectly.  Its last step is

     return redirect(auth_url)

?? Which (library's) `redirect()` function do you have in mind?

The first instruction of Step 3 is:

    When the user is redirected back to your application redirect_uri, a
    code and state parameter will also be present in the querystring
    parameters.

if I paste `auth_url` into a browser, i'm indeed directed (after
logging in to box) to my home folder.  however, when i try to
script this using python3's urlib:

>> request = urllib.request.Request(auth_url)
>> u = opener.open(request)
>> u.geturl()
'https://app.box.com/api/oauth2/authorize?state=box_csrf_token_*MORE-RANDOM_CSRF*&response_type=code&client_id=*ClIENT-ID*&redirect_uri=https%3A%2F%2Fapp.box.com'

(i've elided the actual *MORE-RANDOM_CSRF* and *ClIENT-ID*)

the redirect returns exactly the original `auth_url`, and does NOT
contain the critical `code` parameter you mention in Step 3, and
so cannot get the access and refresh tokens.

what am i missing, please?