ReadOnly Downloads
AnsweredRead all of this before Commenting.
At this time our project needs to have read only access to a user's data through the API, and we would prefer that when we ask users to grant us permission to access their data in Box via OAuth2, that they are only giving us read permission, to have one less source of liability.
So at the moment, I'm still testing our project on my own Box account. When I authorized our app with only
Read all files and folders stored in Box
checked, I was able to view the list of files and folders in my Box, but unable to download files.
Thank you for any help you can provide.
After doing a few searches, I found this thread, where another developer had the same problem, and a Box employee explained that downloading a file updated certain file stats, so write permission was required.
After checking:
Read and write all files and folders stored in Box
and reauthorizing the app, I was able to download the file.
That's nice and all, but again, I would really rather not have write permission unless I need it.
Now in that same thread, the Box employee also discussed using downscope to limit permissions.
This part in particular caught my eye
I was working on a sample recently for this same issue and wanted to provide some more context.
It appears that if you set the token downscope scopes to only 'item_read'
it'll allow the download. Here's a sample in Node that shows you that process:
I was able to get the downscope token working with read/write permissions, but not with read-only.
It was afterwards that I noticed that in the list of available scopes, it says that the Parent scope.must be root_readwrite.
So, in case the question wasn't obvious enough from the rest of this post:
Is there a way to download a file from a user's account without having write permission?
I'm having a difficult time believing Box would not have a way to do this. It would be a really, really stupid and unnecessary source of liability if that were the case.
-
What does this even mean? I've been programming computers for over 40 years, and I will tell you, this answer is nonsense. I'm exporting all my box files to OpenOffice files, because I need to keep versioned copies of exactly what was written from version to version. I will never use box again.
Please sign in to leave a comment.
Comments
4 comments