how to bypass "grant access to Box"?
is there a way to eliminate the grant access page if a user is already given access to the app? Or is there any other type of custom app I can use for this purpose?
I integrate the Box with my application to access files from specific folder. but for every request it ask to 'grant access to box window. 'I need to eliminate(bypass) this step to make access fully automated.
-
The quick answer is yes.
However it depends on which type of authentication you are using for your app.
If you are using pure OAuth 2.0, this means your app will use the logged in user security context. This implies the user must at least once authorize the app to access its content. In this case store the access token and the refresh token for later user. Of course be sure to take security into account and encrypt the tokes. The access token is valid for 60 minutes and the refresh token for 60 days. User the refresh token to get a new access token and the user wont have to re-authorize the app. If the refresh token is expired then the user must re-authorize.
The second option is to use a JWT token. This means your app will use its own (a service user) security context. In this case your app will not prompt the user for authorization, however the user security context still applies to it's content, so either the user shared the content with the service user, or the JWT token is configured as "enterprise access" and can make calls "as-user".
Check out the authentication types documentation.
Please sign in to leave a comment.
Comments
1 comment