node package manager


box authentication strategy for Passport.


Passport strategy for authenticating with box using the OAuth 2.0 API.

This module lets you authenticate using box, in your Node.js applications.
By plugging into Passport, box authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

EXPRESS 4.x : Example is now compatible with expressjs 4

$ npm install passport-box

The box authentication strategy authenticates users using a box account and OAuth 2.0 tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

passport.use(new BoxStrategy({
    clientID: BOX_CLIENT_ID,
    clientSecret: BOX_CLIENT_SECRET,
    callbackURL: ""
  function(accessToken, refreshToken, profile, done) {
    User.findOrCreate({ boxId: }, function (err, user) {
      return done(err, user);

Use passport.authenticate(), specifying the 'box' strategy, to authenticate requests.

For example, as route middleware in an Express application:


  passport.authenticate('box', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.

For a complete, working example with Express 4, refer to the login example.

The MIT License

Copyright (c) 2013 Nicolas Alessandra <>