I have an issue completing the OAuth 2.0 flow for the Box API.
I use the “Get New Access Token” UI and fill in all the relevant URLs, client ID, and client secret. I get presented with the Box login, and I log in and approve the app.
Up to there everything goes fine, but when Postman makes the API call to exchange the authorization code for an access token it seems to forget the client secret, which results in an error in the Box API.
I am not sure if I missed anything, but I’d love some guidance. Here are my settings.
invalid_client kinda tells me it’s using OpenID Connect to authenticate. Not 100% sure. But I’m running into this same problem with OpenID Connect on another API.
OpenID Connect uses OAuth2.0, which Postman supports, but OpenID Connect is not supported. You might have to script outside of Postman to get the token and then plug it in to use OAuth2.0
Also you might want to change your Client Authentication is suppose to send as Basic Auth Header or query parameters.
And if your scope might just be code or token as it usually is when your trying to authenticate.
Box API’s documentation doesn’t make this clear to me, but it seems to want everything in query parameters.
I had been struggling with this issue since yesterday. I’m working with quite a lot of integrations these days which all were working fine except one.
Thank you for the wise words <3
