OAuth 2.0 Redirect URI Changes

Alex Novotny
Nov 30, 2021 · 1 min read
New Redirect URI Configuration Section

Today, we released a new feature for OAuth 2.0 applications that allows developers to add multiple redirect URIs to the application configuration.

In addition, to further increase the security of Box Apps, we are now requiring URIs sent via the API to strictly match one of the URIs listed in the configuration tab of the Developer Console. This will be an exact match check, meaning the URIs must be exactly the same. Localhost and loopback address redirect URIs will be permitted redirect to any port, but the scheme, domain, path and query parameters must match one of the configured URIs.

Starting today, any applications created will need to follow these strict matching requirements. Applications created prior to today will have until May 13, 2022 to make changes and avoid a disruption.

For more details, see the guide or API reference pages.

We hope you enjoy this new feature, and please feel free to reach out to us on the developer forum for support, or via Box Pulse to make suggestions on how to improve the feature.

Box Developer Blog

News and stories for working with the Box APIs