Question

Box Auth does not support OAuth2.0 response_mode parameter

  • May 22, 2025
  • 3 replies
  • 7 views


The OAuth2.0 spec details a query parameter "response_mode" that can be set to "form_post" to change the behavior of the OAuth redirect request payload to be put into a POST request as opposed to the query parameters. This is a critical behavior for us to be able to support Box in our current hosting environment because Azure Functions has an active bug that causes the "code" parameter to be intercepted by the system, meaning the request never makes it to our service endpoint.

I have attempted to use this behavior with Box, but it does not appear to support it properly. Does anyone have any information here?

Final: OAuth 2.0 Form Post Response Mode (openid.net)

Authorize user - API Reference - Box Developer Documentation

3 replies


Hey Tim, 

Checking in with our engineering team on this and will follow up as soon as I can! 

Best,

Kourtney, Box Developer Advocate



Our engineering team confirmed that we do not support this parameter at this time and it would be considered a feature request. If you would like to see this added to our roadmap, please ensure you submit this feedback directly to our product team at https://pulse.box.com



Thanks, Kourtney. Out of curiosity - is this actually a feature request or simply a bug in the implementation of the OAuth provider specification? I'm not sure if those are tracked differently internally.

We have found a less-than-ideal workaround in the short term.
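
The two response deliveries discussed in this thread (query-string redirect and `response_mode=form_post`), as an added example that is not part of any post above and is not Box's code: a callback parser that accepts either delivery and checks `state` before returning the code. The endpoint URL, client ID, redirect URI and function names are assumptions made for illustration.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder endpoint: an assumption for illustration, not Box's URL.
AUTHORIZE_URL = "https://auth.example.test/authorize"
FORM_TYPE = "application/x-www-form-urlencoded"


def build_authorize_url(client_id, redirect_uri, state, response_mode=None):
    """Build the authorization request; response_mode is sent only if given."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    if response_mode:
        params["response_mode"] = response_mode  # e.g. "form_post"
    return AUTHORIZE_URL + "?" + urlencode(params)


def parse_authorization_response(method, url, content_type, body, expected_state):
    """Return the authorization code from a redirect (GET) or form_post (POST)."""
    if method == "GET":
        raw = urlsplit(url).query            # default delivery: query string
    elif method == "POST" and content_type.split(";")[0].strip().lower() == FORM_TYPE:
        raw = body.decode("utf-8")           # form_post delivery: request body only
    else:
        raise ValueError("unsupported response delivery")
    fields = parse_qs(raw)
    for name in ("code", "state", "error"):
        if len(fields.get(name, [])) > 1:    # duplicated parameters are ambiguous
            raise ValueError("duplicate parameter: " + name)
    if "error" in fields:
        raise ValueError("authorization error: " + fields["error"][0])
    state = fields.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")   # response not bound to this session
    code = fields.get("code", [""])[0]
    if not code:
        raise ValueError("missing code")
    return code


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    cb = "https://app.example.test/callback"
    print(build_authorize_url("client-123", cb, "st-1", "form_post"))
    print(parse_authorization_response("GET", cb + "?code=abc&state=st-1", "", b"", "st-1"))
    print(parse_authorization_response("POST", cb, FORM_TYPE, b"code=abc&state=st-1", "st-1"))
```

On a POST the parser reads only the request body, so parameters appended to the callback URL are ignored in that mode.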