Error: redirect_uri_missing when no redirect URI set

[guillaume-tgl]

Description of the Issue

My app was able to connect correctly to Box using OAuth2.0 and a few days ago, my users started seeing an error page during the authentication flow:

I don't set any BoxConfig.REDIRECT_URL in my app as I don't have any for my app in Box developer console.

Versions Used

Android SDK: 4.2.3 Android: 10

[guillaume-tgl]

I was able to solve this by setting the following redirect URI on Box developer console: https://app.box.com/static/sync_redirect.html This is the default redirect URL used by Box Android SDK. Something was probably changed on Box server recently and the redirect URI in the console needs to match the one set in the app. This should probably be more explicit in the SDK docs.

[PJSimon]

Hi @guillaume-tgl,

I'm sorry to hear that this was a surprise for you. I know how frustrating that can be for you and your users, not to mention the investigation time you had to spend on this, but I'm glad you were ultimately able to resolve it. Thanks for closing this issue to let us know.

Yes, you are correct that there was a change on Box's end. Security requirements changed requiring a Redirect URI to be specified for OAuth 2 Box Apps. This was actually communicated out through a number of channels, starting in September of 2020, including multiple emails to the developer email address associated with your Box application. So, I'm concerned that maybe you missed the emails? Now would probably be a good time to make sure that email address is up-to-date, in case future impactful changes are to be communicated out.

Good point regarding making it more explicit in the SDK docs. I'll add that to the team's backlog and we'll address it in all the SDKs (not just the Android SDK)! Thanks so much!

~ Patrick

[guillaume-tgl]

Thanks for the details. I've just checked and I haven't received any email about this change.

[guillaume-tgl]

@PJSimon do you know what was the subject of the email that was sent about this change?