JWT auth and service account
Hi there.
I was trying to access my Box account with a custom app + JWT auth.
I'm using the following script:
from boxsdk import JWTAuth
from boxsdk import OAuth2, Client

# CLIENT_ID, CLIENT_SECRET and MY_ID are not defined in this snippet.
# Authenticate as the app's service account using the JWT settings file.
sdk = JWTAuth.from_settings_file('box_config.json')
ac_token = sdk.authenticate_instance(enterprise='######')
auth = OAuth2(
    client_id=CLIENT_ID,
    client_secret=CLIENT_SECRET,
    access_token=ac_token
)
client = Client(auth)
# With no user_id, client.user() refers to the current user (here the service account).
user = client.user().get()
print('Connected to Box API with user {}'.format(client.user().get().login))
print('The current user ID is {0}'.format(user.id))
# Impersonate the user MY_ID (as-user call) and list that user's root folder.
user_to_impersonate = client.user(user_id=MY_ID)
user_client = client.as_user(user_to_impersonate)
items = user_client.folder(folder_id='0').get_items()
for item in items:
    print('{0} {1} is named "{2}"'.format(item.type.capitalize(), item.id, item.name))
The service account data is displayed. Then I try to impersonate with my ID, but the account does not have permission to do that:
Connected to Box API with user AutomationUser_1536131_SszqKZrL1Q@boxdevedition.com
The current user ID is 16181977050
"GET https://api.box.com/2.0/folders/0/items?offset=0" 403 217
{'Date': 'Tue, 01 Jun 2021 05:32:09 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'Strict-Transport-Security': 'max-age=31536000', 'Cache-Control': 'no-cache, no-store', 'Content-Encoding': 'gzip', 'BOX-REQUEST-ID': '042eded94e0dd0f0744d52e4c973594f6'}
{'code': '---ions',
'help_url': 'http://developers.box.com/docs/#errors',
'message': 'Access denied - insufficient permission',
'request_id': 'q8rgr0gr2pf0gfmi',
'status': 403,
'type': 'error'}
Traceback (most recent call last):
  File "C:\Users\000245815\PycharmProjects\devnet_project\ibm-box-app\box_backup_app.py", line 49, in <module>
    for item in items:
  File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\pagination\box_object_collection.py", line 105, in next
    return next(self._all_items)
  File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\pagination\box_object_collection.py", line 115, in _items_generator
    response_object = self._load_next_page()
  File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\pagination\box_object_collection.py", line 156, in _load_next_page
    box_response = self._session.get(self._url, params=params)
  File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\session\session.py", line 102, in get
    return self.request('GET', url, **kwargs)
  File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\session\session.py", line 158, in request
    response = self._prepare_and_send_request(method, url, **kwargs)
  File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\session\session.py", line 406, in _prepare_and_send_request
    self._raise_on_unsuccessful_request(network_response, request)
  File "C:\Users\000245815\PycharmProjects\devnet_project\venv\lib\site-packages\boxsdk\session\session.py", line 320, in _raise_on_unsuccessful_request
    raise BoxAPIException(
boxsdk.exception.BoxAPIException: Message: Access denied - insufficient permission
Status: 403
Code: access_denied_insufficient_permissions
Request ID: q8rgr0gr2pf0gfmi
Headers: {'Date': 'Tue, 01 Jun 2021 05:32:09 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'Strict-Transport-Security': 'max-age=31536000', 'Cache-Control': 'no-cache, no-store', 'Content-Encoding': 'gzip', 'BOX-REQUEST-ID': '042eded94e0dd0f0744d52e4c973594f6'}
URL: https://api.box.com/2.0/folders/0/items
Method: GET
Context Info: None
In the App console, I set the following feature:
Could you suggest a solution, please?
Thanks.
Hernan M