According to BOX provider documentation client_id and client_secret parameters should be included in body of the request when obtaining an access token, but in current implementation they are encoded as base64 and included in Authorization header.
https://developer.box.com/reference/post-oauth2-token/
Solution is to override getClientAuthentication method in BoxApi20 class and return RequestBodyAuthenticationScheme.instance() from it.
Also BoxApi20 doesn't sign requests correctly. It should be switched to use BearerSignatureAuthorizationRequestHeaderField signature instead of using BearerSignatureURIQueryParameter. I guess for this, we just need to remove overriden getBearerSignature method from BoxApi20`.
Look at the example of API call
https://developer.box.com/reference/get-metadata-templates-enterprise-securityClassification-6VMVochwUWo-schema/
According to BOX provider documentation
client_idandclient_secretparameters should be included in body of the request when obtaining an access token, but in current implementation they are encoded as base64 and included in Authorization header.https://developer.box.com/reference/post-oauth2-token/
Solution is to override
getClientAuthenticationmethod inBoxApi20class and returnRequestBodyAuthenticationScheme.instance()from it.Also BoxApi20 doesn't sign requests correctly. It should be switched to use
BearerSignatureAuthorizationRequestHeaderFieldsignature instead of usingBearerSignatureURIQueryParameter. I guess for this, we just need to remove overridengetBearerSignaturemethod from BoxApi20`.Look at the example of API call
https://developer.box.com/reference/get-metadata-templates-enterprise-securityClassification-6VMVochwUWo-schema/