App Users for external/customer enterprises

New post



  • Murtza

    To access content from a Managed User's Box Account, you will need to implement the OAuth authentication process.


    App Users are designed to be used with JWT Authentication. App Users are API-only users in Box. For example, if you are building an application and need a place to store and access files on behalf of your end users, you can use App Users for this.

    Comment actions Permalink
  • Box Product Support

    Yes my server will read and modify files without direct user interaction, and for enterprise I want the option to access files for potentially that entire enterprise account, or maybe somthing more specific like a certain user group.



    My server can store and refresh those OAuth tokens indefinitely, but looks like it would be more appropriate for my server to work with JWT?


    The option I see is to do OAuth with "Manage app users" and ask an Enterprise admin to authorise it for their account, then use my own code to create the App User and discard the OAuth tokens. Is that the correct process?


    EDIT: Actually on testing that does not seem to work, so I am still very unclear on how I am meant to support enterprises, the OAuth seems to only work for single users, such as my personal account.


    Having added the enterprise permissions to the app (User Type: App Users, and all scopes except "Manage enterprise" which was disabled), and going through OAuth again with my main/admin account, "/users/" does list all the users I put in my account.


    But "/folders/" etc. is still only my specific user, "/users/me" has no "enterprise" value, and if I manually put the enterprise ID (from ) as a JWT claim sub, I get "This app is not authorized by the enterprise admin".


    Comment actions Permalink

Please sign in to leave a comment.