Issue completing OAuth 2 flow

I have an issue completing the OAuth 2.0 flow for the Box API.

I use the “Get New Access Token” UI and fill in all the relevant URLs, client ID, and client secret. I get presented with the Box login, and I log in and approve the app.

Up to there everything goes fine, but when Postman makes the API call to exchange the authorization code for an access token it seems to forget the client secret, which results in an error in the Box API.

I am not sure if I missed anything, but I’d love some guidance. Here are my settings.

And to follow up, here is what is output in the console. As you can see the client secret is missing.

invalid_client kinda tells me it’s using OpenID Connect to authenticate. Not 100% sure. But I’m running into this same problem with OpenID Connect on another API.

OpenID Connect uses OAuth2.0, which Postman supports, but OpenID Connect is not supported. You might have to script outside of Postman to get the token and then plug it in to use OAuth2.0

Also you might want to change your Client Authentication is suppose to send as Basic Auth Header or query parameters.

And if your scope might just be code or token as it usually is when your trying to authenticate.

Box API’s documentation doesn’t make this clear to me, but it seems to want everything in query parameters.

Tnx Kyle. I found the issue eventually, I had to change the last setting (Client Authentication) to send the credentials in the Body.

2 Likes

Solved the same “invaid_client” problem for me too by changing
“Client Authentication” to “Send client credentials in body”

1 Like