CLI command tokens:get does not work.

New post

VI Web Portal

June 09, 2023 17:41

I tried the command below:

box tokens:get

And got this error:

Enterprise id must be passed

From the CLI --help, the closest argument is user Id. So I tried:

box tokens:get -u 12345678

And got this error:

Must provide app auth configuration to use JWT Grant

How to I feed the app auth to tokens:get?

Comments

14 comments

Minh Nguyen Cong

June 12, 2023 10:33

Edited
Hi VI Web Portal

The problem you are having in this case, seems to be that you have not authenticated your BoxCLI with Box yet.

In order to do that, you can follow this instruction: https://developer.box.com/guides/cli/cli-docs/jwt-cli/ . It will help you get started with BoxCLI using JWT authentication.
Just keep in mind that, after authenticating with BoxCLI, you don't need to get the token for each time you run a command, as your request will be authenticated by JWT configuration.

If you have any other questions, just let us know.

Best,
Minh Nguyen Cong
0

Comment actions Permalink
Tuy Mai

June 12, 2023 16:55
I originally setup CLI using a OAuth 2.0 (User or Client Authentication) as suggested by the QuickStarts article.

After switching to a OAuth 2.0 with JSON Web Tokens (Server Authentication) App, I can get back a token. However, using this token I do not get any items when query the root folder (id = 0). Any suggestion? The same query using the Developer token from the same app does not have any problems listing the files and folders in the root folder.
0

Comment actions Permalink
Minh Nguyen Cong

June 12, 2023 17:24
Hi Tuy Mai

Please aware that if you are authenticating using OAuth 2.0, it means that you are using your user account for every command. But if you are authenticating using JWT, you will use an App Account when call the command, and this account will have separate storage, login, permission, ... from your user account.

So in this case, if your app granted the permission to "Make API calls using the as-user header" in the JWT App configuration page, you can append this flag `--as-user=user-id` to the command, then the command will be run as some specific user but not by the App User anymore.

Example:

box folders:items 0 --as-user=123456

Best,
Minh
0

Comment actions Permalink
Tuy Mai

June 12, 2023 20:54
Thanks for a quick response. That makes sense. However, I could not get it to work. First I went to the App's General Settings and get the UserID from there (this user ID and enterprise ID are the same for all custom apps). Then went to the App's Configuration, checked the box "Make API calls using the as-user header", clicked Save Changes, and waited 10 mins or so. I tried the command below:

box folders:items 0 --as-user=19054*******

And get this error:
Unexpected API Response [403 Forbidden | mbdmythew46m6r94.0e4dd9bdb8ead9b372af717f4ed91e72] access_denied_insufficient_permissions - Access denied - insufficient permission
0

Comment actions Permalink
Minh Nguyen Cong

June 12, 2023 20:57
Hi Tuy Mai

You can try to create a new public / private key pair, generate the JSON config file, then add it into BoxCLI again. I think it will work.

Best,

Minh
0

Comment actions Permalink
Tuy Mai

June 12, 2023 21:36
Apparently, the token has very limited scopes even in the App Account (not the as-user). I could not create folders/files/... Even though on the Configuration page, "Read all...", "Write all...", etc are selected. Please advice:

C:\Users\test>box folders:create 0 "Level2"
Unexpected API Response [403 Forbidden | .075ce3c65b8298fbae27498286733bed7]

Screenshot of configuration:
0

Comment actions Permalink
Minh Nguyen Cong

June 12, 2023 21:52

Edited
Hi Tuy Mai

Here is a few things you can try to check it:
- Get the current user information to see if you are authenticated as correct user by

box users:get

In case it return something like error 403, it means that the JWT you are using is invalid at this moment, and you should generate and import the new config file.

- When you changed something in the Configuration pages, I recommend you to remove the previous public key (red button on your screenshot), and generate new Public/Private keypair. Download the new JSON config file. Then use this command to add it to BoxCLI.

box configure:environments:add PATH --name=profile-name

- Then set the new added profile as default profile using:

box configure:environments:set-current profile-name

If it still does not work for you, just let me know.

P.s: Maybe you can try the option "Generate user access tokens" also.
0

Comment actions Permalink
Tuy Mai

June 12, 2023 22:06
All ready tried recreating the pair. Will try to create a new App next.
0

Comment actions Permalink
Tuy Mai

June 12, 2023 22:11
Box users:get work fine.

Type: user
ID: '262708******'
Name: VIGeneral001
Login: AutomationUser_204****_******@boxdevedition.com
Created At: '2023-06-06T21:47:02-07:00'
Modified At: '2023-06-07T15:35:32-07:00'
Language: en
Timezone: America/Los_Angeles
Space Amount: 10737418240
Space Used: 0
Max Upload Size: 2147483648
Status: active
Job Title: ''
Phone: ''
Address: ''
Avatar URL: 'https://app.box.com/api/avatar/large/2627*****'
Notification Email: []

"box folders:items 0" works, but return no files/folders.
0

Comment actions Permalink
Minh Nguyen Cong

June 12, 2023 22:13
So it's working as expected, as I mention before here: https://support.box.com/hc/en-us/community/posts/17420467407891/comments/17495916543635

You can put --as-user flag to the command to get the files of other users.
0

Comment actions Permalink
Tuy Mai

June 12, 2023 23:28
No, nothing seems to work. --as-user does not work.

Worse, we cannot modify anything under even the app own App Account.
To be sure, we deleted all the existing apps. Deleted all configuration:environments. Reboot the computer. Created and setup a brand new App. Add a new environment. But still no go. Please see the CLI output below:

C:\Users\test>box configure:environments:get
No environment(s) exists

C:\Users\test>box configure:environments:add C:\Projects\VI\portal\portal-box\Jun12_config.json --name=jun12
Successfully added CLI environment "jun12"

C:\Users\test>box configure:environments:set-current jun12
The jun12 environment has been set as the default

C:\Users\test>box configure:environments:get
Jun12:
Client ID: ****
Enterprise ID: '****'
Box Config File Path: 'C:\Projects\VI\portal\portal-box\Jun12_config.json'
Has Inline Private Key: true
Private Key Path: null
Name: jun12
Default As-User ID: null
Use Default As-User: false
Cache Tokens: true

C:\Users\test>box users:get
Type: user
ID: '****'
Name: TestJun12
Login: AutomationUser_****_****@boxdevedition.com
Created At: '2023-06-12T16:04:02-07:00'
Modified At: '2023-06-12T16:04:22-07:00'
Language: en
Timezone: America/Los_Angeles
Space Amount: 10737418240
Space Used: 0
Max Upload Size: 2147483648
Status: active
Job Title: ''
Phone: ''
Address: ''
Avatar URL: 'https://app.box.com/api/avatar/large/****'
Notification Email: []

C:\Users\test>box users:get
Type: user
ID: '****'
Name: TestJun12
Login: AutomationUser_****@boxdevedition.com
Created At: '2023-06-12T16:04:02-07:00'
Modified At: '2023-06-12T16:04:22-07:00'
Language: en
Timezone: America/Los_Angeles
Space Amount: 10737418240
Space Used: 0
Max Upload Size: 2147483648
Status: active
Job Title: ''
Phone: ''
Address: ''
Avatar URL: 'https://app.box.com/api/avatar/large/****'
Notification Email: []

C:\Users\test>box folders:items 0
(no output here)

C:\Users\test>box folders:create 0 Dir001
Unexpected API Response [403 Forbidden | .013885b37fe6a7ea0d34bbe8fe0fb92f4]

C:\Users\test>box files:upload C:\temp\test001.txt
Unexpected API Response [403 Forbidden]

Below is the app configuration which shows "Read all.." and "Write all..." are enabled.
0

Comment actions Permalink
Minh Nguyen Cong

June 12, 2023 23:41
Hi,

Can you just following this tutorial, I think you still missing the step to Submit your App to the Enterprise Admin and authorise your app from Admin page.
https://developer.box.com/guides/cli/cli-docs/jwt-cli/#authorize-the-application

In the same time, you should change to App + Enterprise Access in App Access Level if you want to access content of other user in your enterprise.
0

Comment actions Permalink
Tuy Mai

June 12, 2023 23:53
The previous screenshot does not show it, but that was the settings for the previous app. Below are the output and new setup after creating a new pair and reload the environment. Still could not add anything to the root folder.

box configure:environments:delete jun12
The jun12 environment was deleted

box configure:environments:add C:\Projects\VI\portal\portal-box\jun12_new_config.json --name=newjun12
Successfully added CLI environment "newjun12"

box configure:environments:get
Newjun12:
Client ID: ****
Enterprise ID: '****'
Box Config File Path: 'C:\Projects\VI\portal\portal-box\jun12_new_config.json'
Has Inline Private Key: true
Private Key Path: null
Name: newjun12
Default As-User ID: null
Use Default As-User: false
Cache Tokens: true

box users:get
Type: user
ID: '****'
Name: TestJun12
Login: AutomationUser_****@boxdevedition.com
Created At: '2023-06-12T16:04:02-07:00'
Modified At: '2023-06-12T16:04:22-07:00'
Language: en
Timezone: America/Los_Angeles
Space Amount: 10737418240
Space Used: 0
Max Upload Size: 2147483648
Status: active
Job Title: ''
Phone: ''
Address: ''
Avatar URL: 'https://app.box.com/api/avatar/large/****'
Notification Email: []

box folders:create 0 Dir002
Unexpected API Response [403 Forbidden | .0af1073e1bbb876bc40ec9d218106eae6]
0

Comment actions Permalink
Tuy Mai

June 12, 2023 23:58
The app has been authorized. I believe "box users:get" will show something like "Could not do XYZ on device ABC..." when the app is not authorized. See screenshot for the settings below:
0

Comment actions Permalink

Please sign in to leave a comment.