Subject: OAuth 2.0 app — invalid_client on authorize endpoint
I'm getting an `invalid_client` error when attempting the OAuth 2.0 authorization flow for a custom app on our Standard Enterprise account (Enterprise ID: 42813).
What I've done:
1. Created a new Custom App in the Developer Console, selecting "OAuth 2.0" as the App Type at creation time (App ID: 2544805, "Claude OAuth")
2. Configured redirect URI: http://localhost
3. Scopes: Read all files/folders, Write all files/folders, Manage AI
4. Saved configuration
5. Verified Enterprise Settings > Platform Apps > "Disable unpublished platform apps by default" is OFF
When I visit:
https://account.box.com/api/oauth2/authorize?client_id=8q17251dyhyzbopddx012vadvvnk6at3&response_type=code&redirect_uri=http://localhost
I get: "There was an error logging you in. Please restart your application and try again."
In incognito, the error is more specific: "Error: invalid_client" with the correct client_id and redirect_uri shown in the details.
I also tried with a previously existing app (App ID: 2540385, "Claude Audit", Client ID: h7m1v6n2pg73f0avimtph5aty4sgwgsm) — same error. That app also shows as OAuth 2.0 in the developer console listing.
The Platform Apps Manager > User Authentication Apps tab does not list either app, and attempting to add the Client ID via the + button is not accepted.
I am the primary admin for this enterprise. Developer tokens work fine on both apps — only the OAuth 2.0 authorize flow fails.
Environment:
- Box Standard Enterprise
- 7 managed users
- Enterprise ID: 42813
- Tested in Chrome (normal + incognito) on macOS
Any guidance on what might be blocking the authorize endpoint?