Redirect to m.box.com during obtaining the token. no token response what so ever

0
votes

When I do https://api.box.com/oauth2/token in order to obtain access token it redirect me to m.box.com !!!

I'm using JavaScript XHR POST, cannot get how come it manages redirect me to https://m.box.com/ !?

Here is my request:

Request URL:https://api.box.com/oauth2/token
Request Method:POST
Status Code:200 OK
Request Headersview source
Accept-Language:en-US,en;q=0.8
Content-Type:application/x-www-form-urlencoded
Cookie:box_visitor_id=511bb5cfe018c0.09915316; country_code=US; box_redirect_url=https%3A%2F%2Fm.box.com%2F; box_redirect_rm=common_main; z=1pm9dat3tb82gs1s2njrdsocg4; referrer=; __utma=254217048.1806492505.1360770515.1360778764.1360781511.3; __utmb=254217048.14.9.1360786227431; __utmc=254217048; __utmz=254217048.1360770515.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=47569716.1075364291.1360770555.1360781565.1360783878.4; __utmb=47569716.5.10.1360783878; __utmc=47569716; __utmz=47569716.1360783878.4.4.utmcsr=api.box.com|utmccn=(referral)|utmcmd=referral|utmcct=/oauth2/authorize; RT=s=1360786281036&r=https%3A%2F%2Fwww.box.com%2Fapi%2Foauth2%2Fauthorize%3Fresponse_type%3Dcode%26client_id%3Dqpome2tetr5oesmq62tut4brabsd9j1q%26state%3Dauthenticated
Origin:platform://.
User-Agent:Mozilla/5.0 (BB10; Touch) AppleWebKit/537.10+ (KHTML, like Gecko) Version/10.0.10.357 Mobile Safari/537.10+
Form Dataview URL encoded
grant_type:authorization_code
code:mj5wDvMwjbbWBlg2QRsN296OvMS9nsWf
client_id:qpome2tetr5oesmq62tut5brabsd9j1q
client_secret:1bCE76NVOe6c3Ro4mKXXrMqW7BLunib4
Response Headersview source
Cache-Control:no-store
Connection:close
Content-Length:174
Content-Type:application/json
Date:Wed, 13 Feb 2013 20:11:22 GMT
Server:nginx

as you see it doesn't carry any response, instead it redirects me to https://www.box.com and then to https://m.box.com !! Can some one explain me why?

It is Webworks HTML5 for Blackberry 10.

UPDATE:

After detaily looking at Network activity I notices when I have redirect_url as https:// it looks like:

GET Request URL:https://www.box.com/api/oauth2/authorize?response_type=code&client_id=qpome2te3r5oesmq62ttt41bdabsd9j1q&state=authenticated Request Method:POST Status Code:302 Found

GET Request URL:https://google.com/?state=authenticated&code=S1KrsSQG5XWURvpFV8NrfqkuCpCxo2Z3 Request Method:GET Status Code:301 Moved Permanently

But when I use URI scheme of any kind: like for example misha:// it looks like:

GET Request URL:https://www.box.com/api/oauth2/authorize?response_type=code&client_id=qpome2te3r5oesmq62tttbbddbsd9j1q&state=authenticated Request Method:POST Status Code:200 OK

GET Request URL:misha://authorised.html?state=authenticated&code=5h49cfldt0zWy8f8Y4IKewTTr07TFzkJ Request Headersview source Accept-Language:en-US,en;q=0.8 Status: CANCELLED

GET Request URL:https://www.box.com/ Request Method:GET Status Code:302 Found

.....

When I use URI scheme which is registered ive got this:

GET Request URL:https://www.box.com/api/oauth2/authorize?response_type=code&client_id=qpome2te3r5oesmq62tttbbddbsd9j1q&state=authenticated Request Method:POST Status Code:200 OK

GET Request URL:platform:///authorised.html?state=authenticated&code=l793tAT7eVpl85gvr77ZdnIFHTGYVNsJ Request Method:GET Status Code:200

and then in goes for box.com all of a sudden no matter what is do in my authorised.html!??

GET Request URL:https://www.box.com/ Request Method:GET Status Code:302 Found

1
javascriptpostbox-api
You should definitely remove your client id and secret from this sample–people can now access your app.seanrose
No worries it thought about this beforehand, it is all faked up :) also this is test service anyways, going to ditch it after.xchg.ca

1 Answers

0
votes

The primary issue you're running into is making a request from your domain to www.box.com in Javascript. This isn't permitted by Same Origin Policy