Skip to main content
Question

How do I create INITIAL OAuth2 tokens?

  • May 22, 2025
  • 10 replies
  • 42 views
C
Forum|alt.badge.img

Hi! 

 

So, I've tried to find this and haven't come across anything specific that has been able to help me. It may be out there, so if it is, please forgive me for posting this question again.

 

I'm trying to use BoxSDK for Python for OAuth2 identification.

 

I've come across 2 URLs to obtain initial authentication tokens:

a) box-token-generator.herokuapp.com

b) https://app.box.com/api/oauth2/authorize?response_type=code&client_id= CLIENT_ID --- this goes to the URL in a)

 

At box-token-generator.herokuapp.com, there is a warning "Warning! Only use this tool with test client credentials/test Box accounts"

 

So, I can't use that URL.

 

Any tokens that do come from this seem to expire very quickly and regardless of whether the tokens are used within that short time, it doesn't look like either the refresh or access token get replenished because I end up getting that the refresh token has become invalid (hence the warning)

 

There was enough documentation to be able to write something using Python and the Box SDK to re-authenticate and store the new tokens, but I can't figure out how to get the INITIAL tokens.  

 

Please help! Thanks!

    10 replies

    C
    Forum|alt.badge.img

    Hi rollo100,

     

    This guide should help you go through the OAuth 2 process with Python: https://developer.box.com/docs/authenticate-with-oauth-2

     

    That should allow you to get the original access token. If you see under step 3 in the Python example that access_token is one of the set variables. That may be extracted if you need it.

     

    I'd recommend using the Python SDK directly, as opposed to making the direct API calls yourself, as it'll be easier to update the SDK if changes are made rather than your underlying direct API code.

     

    Let me know if you have any other questions,

    Jon

    C
    Forum|alt.badge.img

    Thank you! I'll give it a try right away!

    C
    Forum|alt.badge.img

    Hi,

     

    When i tried to run the Step 1 code in python, it gave me an error - 

    No module named 'config_oauth'

    I also tried to install config_oauth but it says 'could not find a version which satisfies the requirement config_oauth'.

    I am relatively new to python and box api so have very limited knowledge on where i am doing wrong. 

     

    Thanks!

    C
    Forum|alt.badge.img

    Hi , you'll need to create the config file yourself, as outlined here: https://developer.box.com/docs/authenticate-with-oauth-2#section-step-1-add-config-and-dependencies

    C
    Forum|alt.badge.img

    I am not sure if i get it. If I am passing the client ID, client Secret and Redirect URL in the code itself, still i have to create a config file?

    I am trying to get the access token and refresh token to automate the task of moving the files within my box account. 

     

    C
    Forum|alt.badge.img

    No, you can either use a config file (as shown in the docs) or simply embed those three variables directly in your code and remove the line for: 

    import config_oauth

    What the Python code would look like with that removed would be something like: 

    from boxsdk import Client
from boxsdk import OAuth2

# Auth config
client_id = 'YOUR CLIENT ID'
client_secret='YOUR CLIENT SECRET'
redirect_uri = 'http://127.0.0.1:5000/return'

# Create new OAuth client & csrf token
oauth = OAuth2(
  client_id=client_id,
  client_secret=client_secret
)
csrf_token = ''

global csrf_token
auth_url, csrf_token = oauth.get_authorization_url(redirect_uri)

return redirect(auth_url)
    C
    Forum|alt.badge.img

    Thank you! I will try the provided code. 

    C
    Forum|alt.badge.img

    The code sometimes works well generating auth_url. But sometimes it throws an error 

    name 'auth_url' is not defined

    Any help on what i am doing wrong. 

     

    C
    Forum|alt.badge.img

    I have create file called renewToken.py and write following code to it

     

     

    from boxsdk import Client
    from boxsdk import OAuth2

     

    def renewToken():

        # Auth config
        client_id = 'YOUR CLIENT ID'
        client_secret='YOUR CLIENT SECRET'
        redirect_uri = 'http://127.0.0.1:5000/return'

        # Create new OAuth client & csrf token
        oauth = OAuth2(
        client_id=client_id,
        client_secret=client_secret
        )
        csrf_token = ''

        global csrf_token
        auth_url, csrf_token = oauth.get_authorization_url(redirect_uri)

        return redirect(auth_url)

     

    My question is how do i use following code:

     

    # Fetch access token and make authenticated request
    .route('/return')
    def capture():
        # Capture auth code and csrf token via state
        code = request.args.get('code')
        state = request.args.get('state')

        # If csrf token matches, fetch tokens
        assert state == csrf_token
        access_token, refresh_token = oauth.authenticate(code)

       # PERFORM API ACTIONS WITH ACCESS TOKEN

    C
    Forum|alt.badge.img

    Can you please comment your code snippet , I am new to python could find solution which will i understand.

    Terms of ServiceAccessibility statement