Rclone box OATH2 Now seems to need you to generate your own client_id and client_secret

Joel_Peshkin · February 26, 2020, 11:35pm

Hi All:

It seems that Box no longer allows you to leave the client_id and client_secret fields blank (to use rclone's client) when setting up a box remote.
Instead, you need to log into the box developer site and create your own OAUTH2 custom application and use the client_id and client_secret for your custom app. Don't forget to use http://localhost:53682 for the redirect url.

karl · February 27, 2020, 3:40am

I'm just getting started with rclone and Box, but I'm having an issue where I enter the command rclone authorize "box" and the Box website says:

There seems to be a problem with this app.

Error: insecure_redirect_uri

Show Error Details

response_type=code

redirect_uri=http://127.0.0.1:53682/

state=<random string>

client_id=<random string>

I'm logged into Box in my browser. Have you run into this issue, or do you have any ideas? If not, I can file a bug in github.

Rclone version: 1.47.0
OS: Ubuntu 19.10
Box account type: Enterprise SSO

Joel_Peshkin · February 27, 2020, 8:31am

That is the same issue. You can create your own "application" and use its client id instead of the default rclone id.

ncw · February 27, 2020, 11:02am

It looks like Box have changed the policy over the redirect URI somehow. I'm in contact with the support team about it.

ncw · February 27, 2020, 11:09am

I think this maybe because rclone was recently approved into the app gallery so maybe the rules are tighter there?

Joel_Peshkin · February 27, 2020, 2:29pm

I think that there are 2 things.

When you published, existing tokens stopped working in box Enterprise until the administrator whitelists the app. Setting up a new remote gets the problem that the redirect url isn't https. The redirect may be ok if it is "localhost" vs "127.0.0.1" or vice versa or it may be that a published app has to use ssl regardless.

I any case, I suggest you update instructions to emphasize setting up your own custom app.

ncw · February 27, 2020, 3:55pm

Foo, that is annoying!

I've asked support to clarify this.

Presumably this only works if the custom app isn't approved?

Erich_Bremer · February 27, 2020, 4:56pm

This solution worked for me.

kylerlaird · February 27, 2020, 7:07pm

My workaround is here: http://uploads.lairds.com/kyler/rclone_token.txt

Box does not seem to work via HTTP with "localhost", either.

ncw · March 3, 2020, 7:56am

The box team have unlisted rclone from the app gallery.

This should mean that

the 127.0.0.1 redirect works OK
the old config works OK.

I had no idea getting rclone listed in the app gallery would cause so much disruption - I'll try to work with box for a smoother transition next time.

calisro · March 3, 2020, 1:56pm

Closing to consolidate duplicate recent topics. Keeping this one open in favor.