GET users endpoint returns 200 but the user list is empty

New post

April 26, 2023 04:56
Edited

[Using an Admin developer's account]

Getting the user list always returns 0 user entries.

I am using the OAUTH 2.0 Client Credentials Authentication Type.

I've managed to successfully request the access token, with the scope "manage_app_users", but upon GET request using the verified token, it returns a successful response without any user entry.

Using the "manage_managed_users" scope returns a bad request with desc "An unsupported scope was requested."

I've referred to the available scopes found here https://developer.box.com/guides/api-calls/permissions-and-errors/scopes/#manage-users

I have confirmed that I have two users. And I am also able to retrieve them using the developer's token generated from my app under Box's developers' console.

I have also confirmed my app's Application Scopes setup has the "Manage users" and "Manage groups" marked as checked. The app is also marked with "Authorization Status: Authorized" and "Enablement Status: Enabled"

I don't seem to have this problem when retrieving groups, using the scope "manage_groups".

What is the issue here?

Comments

1 comment

Rui Barbosa

May 03, 2023 20:21

Hi,

Trying using the manage_managed users:

curl --location 'https://api.box.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=h...qi' \
--data-urlencode 'client_secret=T...38' \
--data-urlencode 'box_subject_type=enterprise' \
--data-urlencode 'box_subject_id=877840855' \
--data-urlencode 'scope=manage_managed_users'

I get a token, not an error:

{
    "access_token": "W...j",
    "expires_in": 4303,
    "restricted_to": [],
    "token_type": "bearer"
}

Was there any other detail on the "unsupported scope" error message. Could it be you are asking for multiple scope and some other is unsupported?

For example:

curl --location 'https://api.box.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=h5z4c7jqyn95dh3n06tv92x3ceztj0qi' \
--data-urlencode 'client_secret=TqbUwNZpmnINazieMaKAXRKR7wTZxA38' \
--data-urlencode 'box_subject_type=enterprise' \
--data-urlencode 'box_subject_id=877840855' \
--data-urlencode 'scope=manage_managed_users admin_read_write'

I get:

{
    "error": "invalid_scope",
    "error_description": "Unsupported scope admin_read_write"
}

I can also confirm that the manage_managed_users scope does list all the users:

{
    "total_count": 7,
    "entries": [
        {
            "type": "user",
            "id": "18662105676",
            "name": "Administrator"
        },
        {
            "type": "user",
            "id": "18662356345",
            "name": "Administrator"
        },
        {
            "type": "user",
            "id": "18661971368",
            "name": "Administrator"
        },
        {
            "type": "user",
            "id": "22240548078",
            "name": "Investment User"
        },
        {
            "type": "user",
            "id": "22240405099",
            "name": "Wealth User"
        },
        {
            "type": "user",
            "id": "22240545678",
            "name": "Wholesale User"
        },
        {
            "type": "user",
            "id": "18622116055",
            "name": "Rui Barbosa"
        }
    ],
    "limit": 100,
    "offset": 0
}

The most common issue here is when we change the application configurations, for example, the application scopes, and then forget to re-submit the app.

Would you try to re-submit the app on the authorization tab, have your administrator approve it, and then try again.

Let us know if this helps.

Please sign in to leave a comment.