{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Deceive 欺骗 的问题《Invalid credentials when trying to obtain box api》','https://www.manongdao.com/q-865603.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Here is my problem:
I followed the instructions posted at you tube: "Get Box Access Tokens in 2 Quick Steps", using the client_id and client_secretprovided by box
step1: get the auth_code
I copy and paste the following request in firefox:
step2: use the code from step1 to get the access and refresh tokens, using curl:
curl -v -k https://www.box.com/api/oauth2/token -d 'grant_type=authorization_code&code={auth_code}&client_id={MY_CLIENT_ID}&client_secret={MY_CLIENT_SECRET}' -X POST
The reponse I get is "invalid client credentials". Did I miss something? Thanks in advance for helping. I really don't know how to troubleshoot this error.
I had the same issue and it worked for me after adding header: Content-Type: application/x-www-form-urlencoded
So your curl command would look like
curl -v -k https://www.box.com/api/oauth2/token -d 'grant_type=authorization_code&code={auth_code}&client_id={MY_CLIENT_ID}&client_secret={MY_CLIENT_SECRET}' -H "Content-Type: application/x-www-form-urlencoded" -X POST
I'll answer my own question in case some other newcomer falls in the same trap as I did:
Simply remove the curly brackets ({ }), so that the request will be:
and replace
AUTH_CODE,CLIENT_IDandCLIENT_SECRETby their corresponding values without adding any "decorative" character, at least if you're using curl.Notice that I also removed the -k option after adding the path to a
cacert.pemfile as aSSL_CERT_FILEenvironment variable, so that curl would find it and stop complaining.What's more likely is that you've left in something that's causing the curl request to only take in the first line, ignoring "-d..." and beyond. If you're too slow, you'll actually get this error:
{"error":"invalid_grant","error_description":"The authorization code has expired"}
Write the curl request again on one line or try to copy and paste this:
curl https://www.box.com/api/oauth2/token -d 'grant_type=authorization_code&code={CODE}&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}' -X POST