Specify your ClientID and ClientSecret as inputs to the /OAuth/InitializeOAuth Choreo. Your application can send the user to the AuthorizationURL returned by this Choreo. A CallbackID is also returned by the InitializeOAuth Choreo.
Once the user has authorized access to your app, complete the OAuth process by passing the CallbackID to the /OAuth/FinalizeOAuth Choreo.
At this point, you should have a valid short-lived AccessToken and RefreshToken. The AccessToken is all you'll need to get started running the Box Choreos.
When your access token expires, you can use the /OAuth/RefreshToken Choreo to generate a new one. Note that refresh tokens are valid for 14 days. If your app does not use the refresh token before it expires, you'll need reinitialize the OAuth process.