Join BoxWorks in San Francisco Nov 12-13! Keynotes, product demos, and Box Master Classes. Reserve your spot!

CLI command tokens:get does not work.

New post

Comments

14 comments

  • Minh Nguyen Cong

    Hi VI Web Portal

    The problem you are having in this case, seems to be that you have not authenticated your BoxCLI with Box yet.

    In order to do that, you can follow this instruction: https://developer.box.com/guides/cli/cli-docs/jwt-cli/ . It will help you get started with BoxCLI using JWT authentication.
    Just keep in mind that, after authenticating with BoxCLI, you don't need to get the token for each time you run a command, as your request will be authenticated by JWT configuration.

    If you have any other questions, just let us know.

    Best,
    Minh Nguyen Cong

    0
    Comment actions Permalink
  • Tuy Mai

    I originally setup CLI using a OAuth 2.0 (User or Client Authentication) as suggested by the QuickStarts article.

    After switching to a OAuth 2.0 with JSON Web Tokens (Server Authentication) App, I can get back a token.  However, using this token I do not get any items when query the root folder (id = 0).  Any suggestion?  The same query using the Developer token from the same app does not have any problems listing the files and folders in the root folder.

    0
    Comment actions Permalink
  • Minh Nguyen Cong

    Hi Tuy Mai

    Please aware that if you are authenticating using OAuth 2.0, it means that you are using your user account for every command. But if you are authenticating using JWT, you will use an App Account when call the command, and this account will have separate storage, login, permission, ... from your user account.

    So in this case, if your app granted the permission to "Make API calls using the as-user header" in the JWT App configuration page, you can append this flag  `--as-user=user-id` to the command, then the command will be run as some specific user but not by the App User anymore.

    Example:

    box folders:items 0 --as-user=123456

    Best,
    Minh

    0
    Comment actions Permalink
  • Tuy Mai

    Thanks for a quick response.  That makes sense.  However, I could not get it to work.  First I went to the App's General Settings and get the UserID from there (this user ID and enterprise ID are the same for all custom apps).  Then went to the App's Configuration, checked the box "Make API calls using the as-user header", clicked Save Changes, and waited 10 mins or so.  I tried the command below:

    box folders:items 0 --as-user=19054*******

    And get this error:
    Unexpected API Response [403 Forbidden | mbdmythew46m6r94.0e4dd9bdb8ead9b372af717f4ed91e72] access_denied_insufficient_permissions - Access denied - insufficient permission

    0
    Comment actions Permalink
  • Minh Nguyen Cong

    Hi Tuy Mai

    You can try to create a new public / private key pair, generate the JSON config file, then add it into BoxCLI again. I think it will work.

    Best,

    Minh

    0
    Comment actions Permalink
  • Tuy Mai

    Apparently, the token has very limited scopes even in the App Account (not the as-user).  I could not create folders/files/... Even though on the Configuration page, "Read all...", "Write all...", etc are selected.  Please advice:

    C:\Users\test>box folders:create 0 "Level2"
    Unexpected API Response [403 Forbidden | .075ce3c65b8298fbae27498286733bed7]

    Screenshot of configuration:

    0
    Comment actions Permalink
  • Minh Nguyen Cong

    Hi Tuy Mai

    Here is a few things you can try to check it:
    - Get the current user information to see if you are authenticated as correct user by

    box  users:get

    In case it return something like error 403, it means that the JWT you are using is invalid at this moment, and you should generate and import the new config file.

    - When you changed something in the Configuration pages, I recommend you to remove the previous public key (red button on your screenshot), and generate new Public/Private keypair. Download the new JSON config file. Then use this command to add it to BoxCLI.

    box configure:environments:add PATH --name=profile-name

    - Then set the new added profile as default profile using:

    box configure:environments:set-current profile-name

    If it still does not work for you, just let me know.

    P.s: Maybe you can try the option "Generate user access tokens" also.

    0
    Comment actions Permalink
  • Tuy Mai

    All ready tried recreating the pair.  Will try to create a new App next.

    0
    Comment actions Permalink
  • Tuy Mai

    Box users:get work fine.

    Type: user
    ID: '262708******'
    Name: VIGeneral001
    Login: AutomationUser_204****_******@boxdevedition.com
    Created At: '2023-06-06T21:47:02-07:00'
    Modified At: '2023-06-07T15:35:32-07:00'
    Language: en
    Timezone: America/Los_Angeles
    Space Amount: 10737418240
    Space Used: 0
    Max Upload Size: 2147483648
    Status: active
    Job Title: ''
    Phone: ''
    Address: ''
    Avatar URL: 'https://app.box.com/api/avatar/large/2627*****'
    Notification Email: []

    "box folders:items 0" works, but return no files/folders.

     

    0
    Comment actions Permalink
  • Minh Nguyen Cong

    So it's working as expected, as I mention before here: https://support.box.com/hc/en-us/community/posts/17420467407891/comments/17495916543635 

    You can put --as-user flag to the command to get the files of other users.

    0
    Comment actions Permalink
  • Tuy Mai

    No, nothing seems to work.  --as-user does not work.  

    Worse, we cannot modify anything under even the app own App Account. 
    To be sure, we deleted all the existing apps.  Deleted all configuration:environments.  Reboot the computer.  Created and setup a brand new App.  Add a new environment.  But still no go.  Please see the CLI output below:

    C:\Users\test>box configure:environments:get
    No environment(s) exists

    C:\Users\test>box configure:environments:add C:\Projects\VI\portal\portal-box\Jun12_config.json --name=jun12
    Successfully added CLI environment "jun12"

    C:\Users\test>box configure:environments:set-current jun12
    The jun12 environment has been set as the default

    C:\Users\test>box configure:environments:get
    Jun12:
        Client ID: ****
        Enterprise ID: '****'
        Box Config File Path: 'C:\Projects\VI\portal\portal-box\Jun12_config.json'
        Has Inline Private Key: true
        Private Key Path: null
        Name: jun12
        Default As-User ID: null
        Use Default As-User: false
        Cache Tokens: true

    C:\Users\test>box users:get
    Type: user
    ID: '****'
    Name: TestJun12
    Login: AutomationUser_****_****@boxdevedition.com
    Created At: '2023-06-12T16:04:02-07:00'
    Modified At: '2023-06-12T16:04:22-07:00'
    Language: en
    Timezone: America/Los_Angeles
    Space Amount: 10737418240
    Space Used: 0
    Max Upload Size: 2147483648
    Status: active
    Job Title: ''
    Phone: ''
    Address: ''
    Avatar URL: 'https://app.box.com/api/avatar/large/****'
    Notification Email: []

    C:\Users\test>box users:get
    Type: user
    ID: '****'
    Name: TestJun12
    Login: AutomationUser_****@boxdevedition.com
    Created At: '2023-06-12T16:04:02-07:00'
    Modified At: '2023-06-12T16:04:22-07:00'
    Language: en
    Timezone: America/Los_Angeles
    Space Amount: 10737418240
    Space Used: 0
    Max Upload Size: 2147483648
    Status: active
    Job Title: ''
    Phone: ''
    Address: ''
    Avatar URL: 'https://app.box.com/api/avatar/large/****'
    Notification Email: []

    C:\Users\test>box folders:items 0
    (no output here)

    C:\Users\test>box folders:create 0 Dir001
    Unexpected API Response [403 Forbidden | .013885b37fe6a7ea0d34bbe8fe0fb92f4]

    C:\Users\test>box files:upload C:\temp\test001.txt
    Unexpected API Response [403 Forbidden]

    Below is the app configuration which shows "Read all.." and "Write all..." are enabled.

    0
    Comment actions Permalink
  • Minh Nguyen Cong

    Hi,

    Can you just following this tutorial, I think you still missing the step to Submit your App to the Enterprise Admin and authorise your app from Admin page.
    https://developer.box.com/guides/cli/cli-docs/jwt-cli/#authorize-the-application

    In the same time, you should change to App + Enterprise Access in App Access Level if you want to access content of other user in your enterprise.

     

    0
    Comment actions Permalink
  • Tuy Mai

    The previous screenshot does not show it, but that was the settings for the previous app.  Below are the output and new setup after creating a new pair and reload the environment.  Still could not add anything to the root folder.

    box configure:environments:delete jun12
    The jun12 environment was deleted

    box configure:environments:add C:\Projects\VI\portal\portal-box\jun12_new_config.json --name=newjun12
    Successfully added CLI environment "newjun12"

    box configure:environments:get
    Newjun12:
        Client ID: ****
        Enterprise ID: '****'
        Box Config File Path: 'C:\Projects\VI\portal\portal-box\jun12_new_config.json'
        Has Inline Private Key: true
        Private Key Path: null
        Name: newjun12
        Default As-User ID: null
        Use Default As-User: false
        Cache Tokens: true

    box users:get
    Type: user
    ID: '****'
    Name: TestJun12
    Login: AutomationUser_****@boxdevedition.com
    Created At: '2023-06-12T16:04:02-07:00'
    Modified At: '2023-06-12T16:04:22-07:00'
    Language: en
    Timezone: America/Los_Angeles
    Space Amount: 10737418240
    Space Used: 0
    Max Upload Size: 2147483648
    Status: active
    Job Title: ''
    Phone: ''
    Address: ''
    Avatar URL: 'https://app.box.com/api/avatar/large/****'
    Notification Email: []

    box folders:create 0 Dir002
    Unexpected API Response [403 Forbidden | .0af1073e1bbb876bc40ec9d218106eae6]

    0
    Comment actions Permalink
  • Tuy Mai

    The app has been authorized.  I believe "box users:get" will show something like "Could not do XYZ on device ABC..." when the app is not authorized.  See screenshot for the settings below:

    0
    Comment actions Permalink

Please sign in to leave a comment.