This is not going to be possible: I have been in touch with Box's Product and Platform team and this is the response I got:
It's unlikely that we're going to support persistent login in the near future. This is related to our implementation of OAuth2. It's possible for clients to have their secrets hijacked, and requiring a handshake request with that secret plus a one-time auth token provides added security.