Automating Access Token


  • Rui Barbosa

    Hi Rakshita,

    You're not giving us much to analyze...

    Typically, this situation means you are trying to access your personal folder using a service account to which you have not specifically granted access.

    There are 2 options here: either you specifically grant access to the service account, or you use the service account "as-user" flag and ask the service account to impersonate you, which is preferred.

    Consider this example in Python:

    from boxsdk import JWTAuth, Client
    from boxsdk.object.file import File


    class CFG:
        """config class"""

        JWT_CONFIG_FILE = ".jwt.config.json"
        AS_USER = "18622116055"
        PARENT_FOLDER_ID = "0"  # folder id 0 is root folder


    def get_box_client(as_user: bool = False):
        """get a box client"""
        auth = JWTAuth.from_settings_file(CFG.JWT_CONFIG_FILE)
        service_client = Client(auth)
        if not as_user:
            return service_client
        user = service_client.user(CFG.AS_USER)
        return service_client.as_user(user)


    def print_items(items):
        """print items"""
        print("\n")
        print("Type\tID\tName")
        print("----\t--\t----")
        for item in list(items):
            print(f"{item.type}\t{item.id}\t{item.name}\t")


    def main():
        """main function"""

        client = get_box_client(as_user=False)

        # print current user info
        user = client.user().get()
        print(f"Current User: {user.name}\tid:{user.id}")

        users = client.users()
        for user in users:
            print(f"User: {user.name}\tid:{user.id}\tlogin:{user.login}")

        # list files in parent folder
        items = client.folder(CFG.PARENT_FOLDER_ID).get_items()
        print_items(items)

        # client impersonating a user
        client_as_user = get_box_client(as_user=True)

        # print current user info
        user = client_as_user.user().get()
        print(f"Current User: {user.name}\tid:{user.id}")

        # list files in parent folder
        items = client_as_user.folder(CFG.PARENT_FOLDER_ID).get_items()
        print_items(items)

    if __name__ == "__main__":
        main()
        print("\n")
        print("-" * 80)
        print("All Done!")

    This will show you the service user (JWT app):

    Current User: UI-Elements-Sample        id:20344589936

    Then list all users visible to the service user (JWT app):

    User: Administrator     id:18662105676  login:AppUser_1715931_Il2dcyHuqu@boxdevedition.com
    User: Administrator     id:18662356345  login:AppUser_1715931_vt8XOps1Ff@boxdevedition.com
    User: Administrator     id:18661971368  login:AppUser_1715931_xSifhdw6W7@boxdevedition.com
    User: Investment User   id:22240548078  login:barduinor+inv@gmail.com
    User: Wealth User       id:22240405099  login:barduinor+we@gmail.com
    User: Wholesale User    id:22240545678  login:barduinor+wh@gmail.com
    User: Rui Barbosa       id:18622116055  login:barduinor@gmail.com

    And then list the service user (JWT app) contents of its root folder (0):

    Type    ID      Name
    ----    --      ----
    folder  177388203339    100k
    folder  198947288178    aaaa
    folder  172599089223    Bookings
    folder  163422716106    Box UI Elements Demo
    folder  189803765719    ClassificationService
    folder  198775845609    JWT Folder for UI Sample Apps
    folder  172611202270    My Signed Documents
    folder  198948099055    Shared with RB
    folder  170845975022    Waivers
    folder  176837925976    Webhook

    However, I'm interested in impersonating 18622116055 (Rui Barbosa), and that is what the code below does:

    # client impersonating a user
    client_as_user = get_box_client(as_user=True)

    With this method:

    def get_box_client(as_user: bool = False):
        """get a box client"""
        auth = JWTAuth.from_settings_file(CFG.JWT_CONFIG_FILE)
        service_client = Client(auth)
        if not as_user:
            return service_client
        user = service_client.user(CFG.AS_USER)
        return service_client.as_user(user)

    Then when I ask who is the current user of the app, it becomes:

    Current User: Rui Barbosa       id:18622116055

    And then I can list all his root files as if he is logged in:

    Type    ID      Name
    ----    --      ----
    folder  172759373899    Barduino User Folder
    folder  172599089223    Bookings
    folder  162833533610    Box Reports
    folder  163422716106    Box UI Elements Demo
    folder  191176042455    Bulk Upload
    folder  189803765719    ClassificationService
    folder  195808887286    Customers
    folder  199899255193    Exact Match
    folder  185583279315    Internal Only Folder
    folder  184121760895    it@plastimould.com - Managed User A's Files and Folders
    folder  184901009434    malware-test-files
    folder  191494027812    Media Samples
    folder  156592455267    My Box Notes
    folder  157064745449    My Sign Requests
    folder  157065079893    My Signed Documents
    folder  165803865043    Preview Samples
    folder  172796453399    Shared Folder Public
    folder  172797684789    Shared Folder Test
    folder  172800574368    Shared with JWT
    folder  198948099055    Shared with RB
    folder  169427162522    UI Elements Demo
    folder  199908799409    Uploads
    file    1010742636771   This is a box note.boxnote
    web_link        22625801630     Shared Folder - GBP Order Forms

    Of course, this also depends on how your JWT app is configured.

    Hope this helps, let us know.

    Best regards

    0
    Comment actions Permalink
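The settings file loaded in the answer above holds the app's private key, and the `AS_USER` id decides whose content the app reaches, so both are worth checking before a client is built. The following is an added example, not part of the original post or of the Box SDK: `check_jwt_settings`, `pick_as_user`, the allowlist and the assumed key layout of the settings file are all hypothetical names and assumptions.

```python
import json
import os
import stat

# Assumed key layout of the settings file passed to JWTAuth.from_settings_file().
REQUIRED = {"boxAppSettings": ("clientID", "clientSecret"),
            "appAuth": ("publicKeyID", "privateKey")}


def check_jwt_settings(path):
    """Return a list of problems with the JWT settings file (empty list = OK)."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="utf-8") as fh:
            cfg = json.load(fh)
    except FileNotFoundError:
        return [f"{path}: not found"]
    except ValueError as exc:  # JSONDecodeError and UnicodeDecodeError
        return [f"{path}: invalid JSON ({exc})"]
    if not isinstance(cfg, dict):
        return [f"{path}: top level is not a JSON object"]
    problems = []
    # The file carries the app's private key: no group/other permission bits (POSIX).
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path}: mode {mode:03o} is open beyond the owner")
    app = cfg.get("boxAppSettings")
    app = app if isinstance(app, dict) else {}
    auth = app.get("appAuth")
    sections = {"boxAppSettings": app,
                "appAuth": auth if isinstance(auth, dict) else {}}
    for section, keys in REQUIRED.items():
        for key in keys:
            if not sections[section].get(key):
                problems.append(f"{section}.{key} is missing or empty")
    return problems


def pick_as_user(requested_id, allowed_ids):
    """Return the user id to impersonate, refusing ids that are not pre-approved."""
    user_id = str(requested_id).strip()
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError(f"not a numeric Box user id: {requested_id!r}")
    if user_id not in {str(i) for i in allowed_ids}:
        raise PermissionError(f"user {user_id} is not approved for as-user calls")
    return user_id
```

In `get_box_client()` from the answer, the guard would wrap the id before impersonation, as in `service_client.user(pick_as_user(CFG.AS_USER, allowed))`, where `allowed` is a hypothetical list kept by whoever owns the app.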
