Unexpected Screen Appears for Accounts with 2FA Enabled During OAuth 2.0 Authentication with Box

I think the user will be directed to the URL below when authorizing the user using OAuth 2.0.
https://account.box.com/api/oauth2/authorize?response_type=code&redirect_uri=xxxx&state=xxxx&client_id=xxxx

When redirecting the user to the above URL, a problem occurs where a screen like the one below is displayed.
https://account.box.com/login/mfa?redirectUrl=/api/oauth2/authorize?response_type=code&redirect_uri=xxxx&client_id=xxxx

I’ve run into this problem several times and I’m guessing that the following conditions are causing this issue:
・2FA is enabled for your Box account stored in your browser’s cookies
・A certain amount of time has passed since you accessed Box using the above account in your browser.

Currently, the following workarounds are being considered, but is there a fundamental solution?
・Use an incognito browser to prevent your Box account saved in cookies from being used.
・Access the approval URL again

Similar questions have been asked in other environments, so I’ll post the link for your reference.

Hi,

Try logging out of your browser's active Box.com sessions, or close the browsers.

This is what the redirect browser window should look like, and I have 2FA enabled.

Next, the 2FA check:

And finally the grant access with the list of permissions:

Best regards

Thank you for your help. I was able to log in successfully using the method you provided.

However, I am looking for a fundamental solution to this issue. Should I report this problem to the Box development team? Is it appropriate to submit a ticket using the form below?
https://support.box.com/hc/ja/requests/new

Please let me know if you have any advice.

Of course, please do!
