Invalid grant_type parameter or parameter missing on Box OAuth2 API with scribe library

Question

I'm trying to write a simple Jenkins plug-in with integration with Box, but I always get this error:

=== Box's OAuth Workflow ===

Fetching the Authorization URL...
Got the Authorization URL!
Now go and authorize Scribe here:
https://www.box.com/api/oauth2/authorize?client_id=abc123&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fjenkins%2Fconfigure&response_type=code&state=authenticated
And paste the authorization code here
>>xyz9876543

Trading the Request Token for an Access Token...
Exception in thread "main" org.scribe.exceptions.OAuthException: Cannot extract an acces token. Response was: {"error":"invalid_request","error_description":"Invalid grant_type parameter or parameter missing"}
    at org.scribe.extractors.JsonTokenExtractor.extract(JsonTokenExtractor.java:23)
    at org.scribe.oauth.OAuth20ServiceImpl.getAccessToken(OAuth20ServiceImpl.java:37)
    at com.example.box.oauth2.Box2.main(Box2.java:40)

Box2 class (for testing) :

public class Box2 {
    private static final Token EMPTY_TOKEN = null;

    public static void main(String[] args) {
        // Replace these with your own api key and secret
        String apiKey = "abc123";
        String apiSecret = "xyz987";
        OAuthService service = new ServiceBuilder().provider(BoxApi.class)
                .apiKey(apiKey).apiSecret(apiSecret)
                .callback("http://localhost:8080/jenkins/configure")
                .build();
        Scanner in = new Scanner(System.in);

        System.out.println("=== Box's OAuth Workflow ===");
        System.out.println();

        // Obtain the Authorization URL
        System.out.println("Fetching the Authorization URL...");
        String authorizationUrl = service.getAuthorizationUrl(EMPTY_TOKEN);
        System.out.println("Got the Authorization URL!");
        System.out.println("Now go and authorize Scribe here:");
        System.out.println(authorizationUrl);
        System.out.println("And paste the authorization code here");
        System.out.print(">>");
        Verifier verifier = new Verifier(in.nextLine());
        System.out.println();

        // Trade the Request Token and Verfier for the Access Token
        System.out.println("Trading the Request Token for an Access Token...");
        Token accessToken = service.getAccessToken(EMPTY_TOKEN, verifier);
        System.out.println("Got the Access Token!");
        System.out.println("(if your curious it looks like this: "
                + accessToken + " )");
        System.out.println();


    }
}

BoxApi class:

public class BoxApi extends DefaultApi20 {
    private static final String AUTHORIZATION_URL =
            "https://www.box.com/api/oauth2/authorize?client_id=%s&redirect_uri=%s&response_type=code&state=authenticated";

    @Override
    public String getAccessTokenEndpoint() {
        return "https://www.box.com/api/oauth2/token?grant_type=authorization_code";        
    }


    @Override
    public String getAuthorizationUrl(OAuthConfig config) {
        return String.format(AUTHORIZATION_URL, config.getApiKey(),
                OAuthEncoder.encode(config.getCallback()));
    }

    @Override
    public Verb getAccessTokenVerb(){
       return Verb.POST;
    }

    @Override
    public AccessTokenExtractor getAccessTokenExtractor() {
        return new JsonTokenExtractor();
    }
}

I'm not sure how I get these exceptions. Can anyone who knows the Box API tell me if I've done anything wrong with it?

Answer 1

The request for the access token needs to be in the form of a POST request, with the parameters included in the body of the request–it looks like you're sending a GET with the parameters as URL parameters.