Invalid credentials when trying to obtain box api

2019-07-18 09:02发布

问题:

Here is my problem:

I followed the instructions posted at you tube: "Get Box Access Tokens in 2 Quick Steps", using the client_id and client_secretprovided by box

step1: get the auth_code

I copy and paste the following request in firefox:

https://www.box.com/api/oauth2/authorize?response_type=code&client_id=MY_CLIENT_ID&state=authenticated

step2: use the code from step1 to get the access and refresh tokens, using curl:

curl -v -k https://www.box.com/api/oauth2/token -d 'grant_type=authorization_code&code={auth_code}&client_id={MY_CLIENT_ID}&client_secret={MY_CLIENT_SECRET}' -X POST

The reponse I get is "invalid client credentials". Did I miss something? Thanks in advance for helping. I really don't know how to troubleshoot this error.

回答1:

What's more likely is that you've left in something that's causing the curl request to only take in the first line, ignoring "-d..." and beyond. If you're too slow, you'll actually get this error:

{"error":"invalid_grant","error_description":"The authorization code has expired"}

Write the curl request again on one line or try to copy and paste this:

curl https://www.box.com/api/oauth2/token -d 'grant_type=authorization_code&code={CODE}&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}' -X POST



回答2:

I had the same issue and it worked for me after adding header: Content-Type: application/x-www-form-urlencoded

So your curl command would look like

curl -v -k https://www.box.com/api/oauth2/token -d 'grant_type=authorization_code&code={auth_code}&client_id={MY_CLIENT_ID}&client_secret={MY_CLIENT_SECRET}' -H "Content-Type: application/x-www-form-urlencoded" -X POST



回答3:

I'll answer my own question in case some other newcomer falls in the same trap as I did:

Simply remove the curly brackets ({ }), so that the request will be:

curl -v https://www.box.com/api/oauth2/token -d 'grant_type=authorization_code&code=AUTH_CODE&client_id=CLIENT_ID&client_secret=CLIENT_SECRET' -X POST

and replace AUTH_CODE, CLIENT_ID and CLIENT_SECRET by their corresponding values without adding any "decorative" character, at least if you're using curl.

Notice that I also removed the -k option after adding the path to a cacert.pem file as a SSL_CERT_FILE environment variable, so that curl would find it and stop complaining.