I think the user will be directed to the URL below when authorizing the user using OAuth 2.0.
https://account.box.com/api/oauth2/authorize?response_type=code&redirect_uri=xxxx&state=xxxx&client_id=xxxx
When redirecting the user to the above URL, a problem occurs where a screen like the one below is displayed.
https://account.box.com/login/mfa?redirectUrl=/api/oauth2/authorize?response_type=code&redirect_uri=xxxx&client_id=xxxx
I’ve run into this problem several times and I’m guessing that the following conditions are causing this issue:
・2FA is enabled for your Box account stored in your browser’s cookies
・A certain amount of time has passed since you accessed the box using the above account on your browser.
Currently, the following workarounds are being considered, but is there a fundamental solution?
・Use an incognito browser to prevent your Box account saved in cookies from being used.
・Access the approval URL again
Similar questions have been asked in other environments, so I’ll post the link for your reference.