How to convert Box's "code" to "token" after user allows access

Question

I'm new at this, trying to hook up Box's API v2. I successfully set up a PHP client library, which I found thanks to the link in the first paragraph on developers.box.com/auth. I've read Box's walkthrough in full more than twice along with roughly 100,000 questions and replies here in regard to the matter. My problem occurs after the user redirects to Box's authorization page, enters his credentials and clicks on "Allow." The results vary according to my redirect_uri and the url of my login page where I've put my client_id and client_secret: 1) If my redirect_uri matches my https://mysite.com/login_with_box, the user redirects to that same url, obviously, which in turn sends the user back to Box's authorization page; and 2) if my redirect_uri differs from https://mysite.com/login_with_box page, then the user successfully returns to my redirect_uri, the url of which includes the 30-second code. I know that I'm close to figuring this out but don't know how to turn the code into a token in 30 seconds or less and use it to show the user's folders, files, info or whatever else. Many thanks for your consideration. Here's where I stand:

// mysite.com/client.php:

// ...

case 'Box':
    $this->oauth_version = '2.0';
    $this->request_token_url = '';
    $this->dialog_url = 'https://api.box.com/oauth2/authorize?client_id={CLIENT_ID}&response_type=code&redirect_uri={REDIRECT_URI}&state={STATE}';

    $this->append_state_to_redirect_uri = '';
    $this->access_token_url = 'https://api.box.com/oauth2/token';
    $this->authorization_header = true;
    $this->url_parameters = false;
break;

// ...

---

// mysite.com/login_with_box.php:

// ...

$client->client_id = '[my_client_id]';
$client->client_secret = '[my_client_secret]';

if(($success = $client->Initialize())) {
    if(($success = $client->Process())) {
        if(strlen($client->access_token)) {
            $success = $client->CallAPI(
                'https://api.box.com/2.0/users/me', 
                'GET', array(), array('FailOnAccessError'=>true), $user);
        }
    }
    $success = $client->Finalize($success);
}

// ...

Answer 1

I figured it out. The problem of course was entirely my fault. Here's how I hooked up the Box API v2 with the PHP OAuth library reccommended by Box:

1. Create an app on developers.box.com and set the required redirect_uri to something like https://mysite.com/oauth/login_with_box.php.

2. Download the PHP OAuth library at www.phpclasses.org/package/7700-PHP-Authorize-and-access-APIs-using-OAuth.html

3. Add something like the following case to PHP OAuth library's oauth_client.php.

   case 'Box':
       $this->oauth_version = '2.0';
       $this->request_token_url = '';
       $this->dialog_url = 'https://api.box.com/oauth2/authorize?response_type=code&client_id={CLIENT_ID}&state={STATE}';
       $this->append_state_to_redirect_uri = '';
       $this->access_token_url = 'https://api.box.com/oauth2/token';
       $this->authorization_header = true;
       $this->url_parameters = false;
   break;
   

4. Create something like login_with_box.php and add it to PHP OAuth library. My login_with_box.php reads as follows.

   <?php  
   
   require('http.php');
   
   require('oauth_client.php');
   
   $client = new oauth_client_class;
   
   $client->server = 'Box';
   
   $client->redirect_uri = 'https://mysite.com/oauth/login_with_box.php';
   
   $client->client_id = 'xxxxxx_BOX_API_CLIENT_ID_xxxxxx';
   
   $client->client_secret = 'xxxxxx_BOX_API_CLIENT_SECRET_xxxxxx';
   
   if(strlen($client->client_id) == 0 || strlen($client->client_secret) == 0)
     die('You need an app to do that.');
   
   if(($success = $client->Initialize())) {
   
       if(($success = $client->Process())) {
   
           if(strlen($client->access_token)) {
   
           $success = $client->CallAPI(
   
               'https://api.box.com/2.0/folders/0',
   
               'GET', array('format'=>'json'), array('FailOnAccessError'=>true), $folder);
   
           }
   
       }
   
       $success = $client->Finalize($success);
   
   }
   
   if($client->exit)
   
       exit;
   
   if($success) { 
   
   ?>
   
   <!doctype html>
   <html>
   <head>
   <title>Box OAuth client results</title>
   </head>
   <body>
   <?php echo '<h1>You successfully logged in with Box</h1>'; echo '<pre>', HtmlSpecialChars(print_r($folder, 1)), '</pre>'; ?>
   
   </body>
   </html>
   
   <?php } else { ?>
   
   <!doctype html>
   <html>
   <head>
   <title>OAuth client error</title>
   </head>
   <body>
   <h1>OAuth client error</h1>
   <pre>Error: <?php echo HtmlSpecialChars($client->error); ?></pre>
   </body>
   </html>
   
   <?php } ?>
   

I hope this helps somebody.

Answer 2

It looks like you need your redirect URL to be something different from the URL that initially sends the user through the OAuth process.

For example, you could have https://mysite.com/login_with_box send the user through the OAuth process, and https://mysite.com/receive_box_oauth_response be the URL that is redirected to after the auth process and handles the OAuth response from box.