App Token Authentication
Good morning everybody,
I have been trying to do a PoC following the guide specified here: https://docs.box.com/docs/getting-started-with-new-box-view
A lot of questions arose, some of them I was able to answer myself but there are other things that I am not sure I have understood clearly or that I am not able to make work.
So... the new type of Authentication method (APP Token) uses the Primary and Secondary Access token and using them I have been able to generate a File token with this piece of code:
    MultipartBody requestWithBody = Unirest.post(oauth2_url)
        .header("Accept-Encoding", "gzip")
        .header("Accept-Charset", "utf-8")
        .header("Content-Type", "application/x-www-form-urlencoded")
        .field("subject_token", URLEncoder.encode(accessToken, "UTF-8"))
        .field("subject_token_type", "urn:ietf:params:oauth:token-type:access_token")
        .field("scope", URLEncoder.encode(scope, "UTF-8"))
        .field("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange");
With that File Token (1!tTOtFtt0jcvU6hyuOW0s - deleted characters - rcYHypd1MgNA..) I then try to generate an embed link (404 error) or upload a document (403 error) and I only receive errors.
Also, if I try to specify a scope and a specific document existing in my repository it fails with a 404 error.
    if (fileID != null)
        requestWithBody.field("resource", "https://api.box.com/2.0/files/" + fileID);
I have the application authorized in the Box admin console and it indicates that it can upload, preview and delete documents.
But, if I open the information on the second info icon this is the message that appears:
What does "data stored or transferred to the application" mean?
I think I am missing some important details here.
I would appreciate any help on this. 🙂
Thank you
-
Good morning everybody,
finally, I answer myself. After contacting Box official support we have discovered several things:
- The problem came due to the enterprise configuration done to the repository. As the "no creation at root level allowed" option was enabled, every time I tried to create a document a 403 error was raised.
- To solve the first step issue, it was necessary to add the Service Account associated with the application to any other folder to act as the place to create documents. But, alas! That is easier said than done as there is no way to retrieve the Service Account user for a non-Box-employee user. That user cannot be retrieved from the Admin console, the developer console or even the API. Why? Because this type of application has the scopes limited to "upload_content", "item_preview" and "item_delete". So if you try to retrieve the current user information it fails.
- I needed to receive, from Box support, the ID of the Service Account user. Once I had that ID I was able to retrieve the mail with the method https://api.box.com/2.0/users/${"USER_ID"}. With that I retrieved the account (***email address removed for privacy***).
- With the account mail retrieved on the third step, finally, I could add the user on a folder as co-owner that would fit my purposes.
- Using the ID of the folder and the API, finally I was able to upload and retrieve documents with that application.
I hope this helps somebody.
Thanks.
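The token exchange request from the question, as an added example that is not the poster's or Box's own code: it builds the form body with every value URL-encoded once and the resulting token limited to one scope and one file. The endpoint URL, the class name and the sample token and file ID are assumptions; it needs Java 11+ and only builds the request, without sending it.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class DownscopeRequest {
    // Assumption: Box's standard OAuth 2 token endpoint (the post only calls it oauth2_url).
    static final String TOKEN_URL = "https://api.box.com/oauth2/token";

    /** Form body for the token exchange; each value is URL-encoded exactly once, here. */
    static String formBody(String appToken, String scope, String fileId) {
        Map<String, String> f = new LinkedHashMap<>();
        f.put("subject_token", appToken);
        f.put("subject_token_type", "urn:ietf:params:oauth:token-type:access_token");
        f.put("scope", scope);
        if (fileId != null) {
            // Restrict the resulting token to a single file, as in the post.
            f.put("resource", "https://api.box.com/2.0/files/" + fileId);
        }
        f.put("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange");
        return f.entrySet().stream()
                .map(e -> e.getKey() + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    static HttpRequest build(String appToken, String scope, String fileId) {
        return HttpRequest.newBuilder(URI.create(TOKEN_URL))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(formBody(appToken, scope, fileId)))
                .build();
    }

    public static void main(String[] args) {
        String token = "CONSTRUCTED-APP-TOKEN";  // constructed placeholder, not a real token
        String fileId = "12345";                 // constructed file ID
        String body = formBody(token, "item_preview", fileId);
        // Never log the subject token: redact it before printing the body.
        System.out.println(body.replace(URLEncoder.encode(token, StandardCharsets.UTF_8), "<redacted>"));
        HttpRequest req = build(token, "item_preview", fileId);
        System.out.println(req.method() + " " + req.uri());
        // To send: HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString())
    }
}
```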