When attempting to obtain a token via Server Authentication, the following error message is returned:
{ "error": "invalid_request", "error_description": "Cannot obtain user token based on the enterprise configuration for your app" }
Environment
Any custom application making API calls to obtain a user token/client (and not a service account or enterprise token) using Server Authentication.
Examples:
- https://github.com/box/box-node-sdk#app-auth-client
- https://github.com/box/box-windows-sdk-v2#create-an-app-user
Resolution Steps
Ensure the proper scopes are enabled for the application.
Root Cause
To obtain a token for a user through JWT Authentication, two items are required:
- The "Generate user access tokens" scope must be enabled on the application's configuration page.
- If the user ID passed in the JWT is an app user, "Application Access" is required (also on the application's configuration page). If the user ID passed in the JWT is a managed user, "Enterprise Access" is required.
Make sure to re-authorize the application in the enterprise's Administrator Console after making any changes to a Server Authentication app.
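The sketch below is an added example, not code from the Box SDKs. It shows where the user ID sits in the JWT assertion for a user token, and it triages the error above against the assertion that was sent. The function names, the `userKind` parameter and all sample values are hypothetical. The claim names and the token URL are those of Box's JWT grant.

```javascript
const crypto = require("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");

// Build the signed assertion for a *user* token: the user ID goes in `sub`
// and box_sub_type is "user". An enterprise token instead carries the
// enterprise ID with box_sub_type "enterprise".
function buildUserAssertion({ clientId, publicKeyId, privateKey, userId }) {
  const header = { alg: "RS256", typ: "JWT", kid: publicKeyId };
  const claims = {
    iss: clientId,
    sub: String(userId),
    box_sub_type: "user",
    aud: "https://api.box.com/oauth2/token",
    jti: crypto.randomBytes(32).toString("hex"), // unique per request
    exp: Math.floor(Date.now() / 1000) + 45,     // short-lived assertion
  };
  const signingInput =
    `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString("base64url")}`;
}

// Given the assertion that was sent and the JSON error body returned,
// list the settings to check. userKind ("app" or "managed") is supplied by
// the caller, because the JWT itself does not say which kind of user
// `sub` refers to.
function diagnose(assertion, responseBody, userKind) {
  const payload = assertion.split(".")[1];
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
  const isThisError =
    responseBody.error === "invalid_request" &&
    /Cannot obtain user token/.test(responseBody.error_description || "");
  // Only a request for a user token can hit this configuration error.
  if (!isThisError || claims.box_sub_type !== "user") return [];
  return [
    'Enable the "Generate user access tokens" scope',
    userKind === "app"
      ? 'Enable "Application Access" (sub is an app user)'
      : 'Enable "Enterprise Access" (sub is a managed user)',
    "Re-authorize the application in the Administrator Console",
  ];
}
```

The payload is decoded without verifying the signature, which is acceptable here only because the assertion is one your own application just created.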