The authorization code grant is a commonly used authentication flow for web and native applications. It provides secure connections by requiring multiple points of authentication before permitting access to data. When using the authorization code flow, the application first navigates to the location hosting the temporary authorization code and retrieves it. Next, the authorization code is exchanged for an access token from the location specified in the TokenURI property. If authentication takes place with a third-party authentication service, the application is redirected to the endpoint provided in the RedirectURI property to begin the session.
To use an authorization code grant:
Configure the application to set the OAuthCode property, which specifies the authorization code that is exchanged for the access token.
Configure the minimum properties required for a connection:
If you are using a REST file, set the Config property to provide the name and location of the input REST file. For example, C:/path/to/box.rest.
If you are using the Sample property, set the Sample property to specify the endpoint that you want to connect to and sample. For example, https://example.com/countries/.
Set the AuthenticationMethod property to OAuth2.
Set the ClientID property to specify the client ID key for your application.
Set the TokenURI property to specify the endpoint used to exchange authentication credentials for access tokens. For example, https://example.com/oauth2/authorize/.
If required by your authentication flow, set the RedirectURI property to specify the endpoint that the client is returned to after authenticating with a third-party service.
Optionally, set the Scope property to specify a space-separated list of OAuth scopes to limit the permissions granted by the access token.
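The code-for-token exchange described above, as an added example that is not taken from the original page or from the driver: it maps the listed properties onto the standard RFC 6749 section 4.1.3 token request and rejects endpoints that would expose the code in transit. That the driver sends exactly these fields is an assumption; the sample values and the helper names build_token_request, check_uri and redact are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

REQUIRED = ("ClientID", "TokenURI", "OAuthCode")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def check_uri(name, uri, allow_loopback_http=False):
    """Reject endpoints that would expose the code or token in transit."""
    parts = urlsplit(uri)
    ok = parts.scheme == "https" and bool(parts.hostname)
    if allow_loopback_http and parts.scheme == "http":
        ok = parts.hostname in LOOPBACK  # native-app loopback redirect (RFC 8252)
    if not ok or parts.fragment:
        raise ValueError(f"{name} must be an https URL without a fragment")

def build_token_request(props):
    """Map the connection properties to the RFC 6749 section 4.1.3 token request."""
    if props.get("AuthenticationMethod") != "OAuth2":
        raise ValueError("AuthenticationMethod must be OAuth2")
    missing = [k for k in REQUIRED if not props.get(k)]
    if missing:
        raise ValueError("missing properties: " + ", ".join(missing))
    check_uri("TokenURI", props["TokenURI"])
    form = {
        "grant_type": "authorization_code",
        "code": props["OAuthCode"],
        "client_id": props["ClientID"],
    }
    if props.get("RedirectURI"):
        check_uri("RedirectURI", props["RedirectURI"], allow_loopback_http=True)
        form["redirect_uri"] = props["RedirectURI"]
    return props["TokenURI"], {"Content-Type": "application/x-www-form-urlencoded"}, urlencode(form)

def redact(body):
    """Copy of the form body that is safe to log: the single-use code is masked."""
    fields = parse_qs(body)
    return {k: ("***" if k == "code" else v[0]) for k, v in fields.items()}

# Constructed sample values; ClientID and OAuthCode are placeholders.
SAMPLE = {
    "AuthenticationMethod": "OAuth2",
    "ClientID": "example-client-id",
    "OAuthCode": "example-single-use-code",
    "TokenURI": "https://example.com/oauth2/authorize/",
    "RedirectURI": "https://example.com/callback",
}

if __name__ == "__main__":
    url, headers, body = build_token_request(SAMPLE)
    print("POST", url, redact(body))
```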
The following example demonstrates a basic session for a Box account using an authorization code grant: