Box API documentation is crap so I asked ChatGPT for some help and think I finally made some progress. I also think the Rclone documentation for Box remotes is a bit lacking so maybe the info below will help others. I had to go through a completely convoluted way to get OAuth functional so I'm sure this can be made simpler but here goes.
Creating the Box App
- Go to the Box Developer Console and login, then click "My Apps" on the sidebar. Click "Create New App" and select "Custom App".
- In the first screen on the box that pops up, you can pretty much enter whatever you want. The "App Name" can be whatever. For "Purpose" choose automation to avoid having to fill out anything else. Click "Next".
- In the second screen of the creation screen, it'll ask to select authentication method. Box API does NOT provide refresh tokens when using "Server Authentication (with JWT)" or "Server Authentication (Client Credentials Grant)" so select "User Authentication (OAuth 2.0)". Then click "Create App".
Configuring the Box App
- You should now be on the "Configuration" tab of your new app. If not, click on it at the top of the webpage.
- Copy down "Client ID" and "Client Secret", you'll need those for rclone.
- Under "OAuth 2.0 Redirect URI", add
http://localhost:8080
. - For "Application Scopes", select "Read all files and folders stored in Box" and "Write all files and folders stored in box" (assuming you want to do both). Leave others unchecked.
- Click "Save Changes" at the top right.
All the stuff below is unnecessary and I was (unknowingly) bypassing a different error that I can no longer pinpoint. Leaving it here for reference but going through the normal Rclone prompt for remote creation should work as expected.
Getting the Access/Refresh Tokens
This is the janky part that I was unable to complete through rclone, so I did it through a python script which you can get here.
- Replace
YOUR_CLIENT_ID
andYOUR_CLIENT_SECRET
on lines 8-9 with the info collected in the previous step. Then run the script. - Once you get a URL, either click on it if your shell allows or copy and paste it into your browser. It should take you to Box's authorization page where you can click "Grant Access".
- You will be redirected to a webpage that does not exist but the URL will look like this:
http://localhost:8080/?state=random_string&code=[TEMPORARY_TOKEN]
. Copy the token and paste it into your shell that's running my script. - The script will spit out a JSON string with your access token and refresh token, which looks something like this:
{"access_token": "[ACCESS_TOKEN]", "refresh_token": "[REFRESH_TOKEN]"}
. Copy this down, you'll need it for rclone.
rclone Config
My entire configuration for the box remote is:
[box]
type = box
token = {"access_token": "[ACCESS_TOKEN]", "refresh_token": "[REFRESH_TOKEN]"}
root_folder_id = [FOLDER_ID]