Need some Clarification on JWT Authentication of Box
Hello team,
I am using BoxSDK for Python. There I am using JWT authentication. I have created an app on a Developer account for testing, which uses OAuth 2.0 with JSON Web Tokens (Server Authentication) as its authentication method.
After creating this TestApp in the developer account, I am using it in some APIs to do some basic operations in Box. I also got a Service Account ID related to my test app.
All good till here.
But I am facing an issue: when I upload a folder to my Box account through the browser and then try accessing that folder's contents via the Box API, it's not accessible.
The same folder is accessible when I add the service account ID as a collaborator on that folder.
So I want to know if there is any option with which I don't need to do the above, i.e. adding the service account ID as a collaborator on every folder that I want to access through the API. Please suggest.
Is this behavior only for a test account? If I take the Enterprise edition of Box, will this issue be solved?
I need whatever folder I upload to Box through the website to be accessible via the API, where I am using JWT authentication.
Many thanks for your help.
-
Hi Deepak,
A service account can impersonate a user, and from your description I think it can solve your use case.
Take a look at the usage of the as-user in the python SDK here.
For more information see:
Let us know if this helped.
Cheers
-
Hello Rui,
Many thanks for the inputs. Using the as-user param actually worked for me.
But I still have one issue. If I call the Box API directly, it's working. But if I call it from code through the SDK, it's not working. Just refer to the code below. Case 1 is returning data, but the code in case 2 is not returning data. Not sure why. Your help on this will be really appreciated.
1:-
import requests
from boxsdk import JWTAuth

auth = JWTAuth.from_settings_file('/Users/deepakkumar/Desktop/aims_admin/aims_admin/config.json')
access_token = auth.authenticate_instance()
url = "https://api.box.com/2.0/folders/191086611195/items"
payload = {}
# Direct REST call: the as-user header makes the request act as that user
headers = {
    'Authorization': 'Bearer ' + access_token,
    'as-user': '23183548938'
}
response = requests.request("GET", url, headers=headers, data=payload)

2:-
from boxsdk import JWTAuth, Client

auth = JWTAuth.from_settings_file('/Users/deepakkumar/Desktop/aims_admin/aims_admin/config.json')
access_token = auth.authenticate_instance()
client = Client(auth)
# SDK equivalent of the as-user header
user_to_impersonate = client.user(user_id='23183548938')
user_client = client.as_user(user_to_impersonate)
items = user_client.folder(folder_id='191086611195').get_items()

Regards
Deepak Kumar
-
Hi Deepak,
I think you're just missing the last step.
The .get_items() returns an object but doesn't actually get each item:
I've slightly tweaked your example:
from boxsdk import JWTAuth, Client


def main():
    auth = JWTAuth.from_settings_file('./.jwt.config.json')
    auth.authenticate_instance()
    client = Client(auth)
    me = client.user().get()
    print(f"Service account user: {me.id}:{me.name}")
    user_id_to_impersonate = '18622116055'
    folder_of_user_to_impersonate = '191176042455'
    user_to_impersonate = client.user(user_id=user_id_to_impersonate).get()
    # the .get() is just to be able to print the impersonated user
    print(f"User to impersonate: {user_to_impersonate.id}:{user_to_impersonate.name}")
    user_client = client.as_user(user_to_impersonate)
    items = user_client.folder(folder_id=folder_of_user_to_impersonate).get_items()
    print(f"Items in folder:{items}")
    # we need a loop to actually get the items info
    for item in items:
        print(f"Item: {item.type}\t{item.id}\t{item.name}")


if __name__ == '__main__':
    main()

With the following results:
Service account user: 20344589936:UI-Elements-Sample
User to impersonate: 18622116055:Rui Barbosa
Items in folder:<boxsdk.pagination.limit_offset_based_object_collection.LimitOffsetBasedObjectCollection object at 0x103db7e20>
Item: folder 191177421988 files_to_upload
Item: file 1119062117269 file_a.txt

Cheers
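
An added example, not part of the original thread and not Box's own code: a wrapper around the as_user call from the answer above that only acts as user IDs on an allow-list, logs each impersonation, and iterates get_items() so the caller receives the actual items. The allow-list, the user ID in it, the function name and the FakeClient stand-in are assumptions constructed for illustration.

```python
import logging
from types import SimpleNamespace

log = logging.getLogger("box.impersonation")

# Constructed sample value: the only user IDs this integration may act as.
ALLOWED_USER_IDS = frozenset({"1111111111"})


class ImpersonationDenied(Exception):
    """Raised when asked to act as a user outside the allow-list."""


def list_folder_as_user(client, user_id, folder_id, allowed=ALLOWED_USER_IDS):
    """Return [(type, id, name), ...] for folder_id, acting as user_id.

    `client` is a boxsdk Client authenticated as the service account, as in
    the answer above; only SDK calls shown in this thread are used.
    """
    user_id = str(user_id)
    if user_id not in allowed:
        log.warning("as-user denied: user_id=%s folder_id=%s", user_id, folder_id)
        raise ImpersonationDenied(user_id)
    log.info("as-user: user_id=%s folder_id=%s", user_id, folder_id)
    user_client = client.as_user(client.user(user_id=user_id))
    # get_items() returns a lazy collection; iterating it fetches the items.
    items = user_client.folder(folder_id=folder_id).get_items()
    return [(item.type, item.id, item.name) for item in items]


class FakeClient:
    """Constructed stand-in for boxsdk.Client so the example runs offline."""
    def __init__(self, acting_as=None):
        self.acting_as = acting_as

    def user(self, user_id):
        return SimpleNamespace(user_id=user_id)

    def as_user(self, user):
        return FakeClient(acting_as=user.user_id)

    def folder(self, folder_id):
        # Only the impersonated client can see the folder, as in the question.
        rows = [SimpleNamespace(type="file", id="1", name="file_a.txt")]
        return SimpleNamespace(get_items=lambda: iter(rows if self.acting_as else []))


if __name__ == "__main__":
    print(list_folder_as_user(FakeClient(), "1111111111", "0"))
```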