Either I'm dense, or the docs assume I already know what they're telling me, but I need some clarification on doing authentication for a box.com app. I really don't understand whate's going on. As I read it:
Obviously I got lost somewhere.
And, why do I have to have a server involved in the process? The article on making a JavaScript app refers to a direct request for a token. Is there documentation on that somewhere?
https://www.box.com/api/oauth2/authorize
, specifying your clientId, clientSecret and redirectURI as parameters. About redirectURI see below.https://www.box.com/api/oauth2/token
, specifying the previously obtained code. If everything was correct, your application receives an access_token, a refresh_token and "expires" values.Note: if you develop a desktop application, then you should open browser for user on the step 4, redirectURI should be something like http://127.0.0.1:8080/Callback
and you should run a small webserver just to catch the redirect with the code as in step 7.