pythonpython-3.xbox-apiboxapiv2

Working with the Box.com SDK for Python


I am trying to get started with the Box.com SDK and I have a few questions.

from boxsdk import OAuth2

oauth = OAuth2(
    client_id='YOUR_CLIENT_ID',
    client_secret='YOUR_CLIENT_SECRET',
    store_tokens=your_store_tokens_callback_method,
)

auth_url, csrf_token = oauth.get_authorization_url('http://YOUR_REDIRECT_URL')

def store_tokens(access_token, refresh_token):
    # store the tokens at secure storage (e.g. Keychain)

1)What is the redirect URL and how do I use it? Do I need to have a server running to use this?

2)What sort of code to I need in the store_tokens method?


Solution

  • I suggest taking a look at the OAuth 2 tutorial. It will help give a better understanding of how OAuth works and what the various parameters are used for.

    1. The redirect URL is set in your Box application's settings:

      screenshot of Box application settings

      This is the URL where Box will send an auth code that can be used to obtain an access token. For example, if your redirect URL is set to https://myhost.com, then your server will receive a request with a URL that looks something like https://myhost.com?code=123456abcdef.

      Note that your redirect URI doesn't need to be a real server. For example, apps that use a WebView will sometimes enter a fake redirect URL and then extract the auth code directly from the URL in the WebView.

    2. The store_tokens callback is optional, but it can be used to save the access and refresh tokens in case your application needs to shutdown. It will be invoked every time the access token and refresh token changes, giving you an opportunity to save them somewhere (to disk, a DB, etc.).

      You can then pass in these tokens to your OAuth2 constructor at a later time so that your users don't need to login again.