According to the "Authorize user" API document, the "state" may contain a "custom string of your choice."
Recently we find out that if sending the request with "ip" like parameters in URL, we will get 403 forbidden. For example:
https://account.box.com/api/oauth2/authorize?response_type=code&state=http://8.8.8.8
We need the IP-like in parameter to identify and verify a user on redirect.
Please help check this issue. Thank you!
360497915707 We have noticed that there's another post similar to this issue after we posted this one:
https://support.box.com/hc/en-us/community/posts/16198848730771-OAuth2-0-Authorization-URL-returns-403-Forbidden-
However, we find out that we are not looped in the support case, so we do not know about the investigation progress.
Is it possible to notify us about the progress if there's any updates? (or loop us in the case)
Or create another case so that we can join the investigation.
Thank you.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
