Transfering content from App Users to Service Account
AnsweredI am looking to update an integration with Box to switch file ownership from App Users to the Service Account.
Though I'm working through the Python SDK, I followed the example in the documentation for this scenario: https://developer.box.com/docs/deprovision-user-accounts
from boxsdk import Client, JWTAuth
auth = JWTAuth(
client_id='our_client_id',
client_secret='our_app_secret',
enterprise_id='our_enterprise_id'
jwt_key_id='our_public_key_id',
rsa_private_key_file_sys_path='path_to_private_key',
rsa_private_key_passphrase='our_passphrase',
)
access_token = auth.authenticate_instance()
client = Client(auth)
service_account_user = client.user().get()
app_user = client.user('app_user_id_to_transfer_from').get()
app_user.transfer_content(service_account_user)
The Box API response at the end is a 403 with the header fields error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."
Any insight into why the API isn't allowing me to complete this operation?
Thanks!
-
Would you be able to provide the full body response of the error message, a date/time/timezone you received the error, and your client ID? I can a closer look at this from the backend.
If you aren't comfortable sharing that information here, please open a ticket with our Product Support team at support.box.com and include the info above.
Best,
Kourtney
Box Technical Support Engineer
-
Thanks for the quick response .
Here are the response fields captured in the exception returned by the SDK:
Message: None
Status: 403
Code: None
Request ID: None
Headers: {'Transfer-Encoding': 'chunked', 'BOX-REQUEST-ID': '0or29aumrfivnqrh64jej5bdukp', 'Strict-Transport-Security': 'max-age=31536000', 'Connection': 'keep-alive', 'Date': 'Tue, 02 Jul 2019 19:15:58 GMT', 'WWW-Authenticate': 'Bearer realm="Service", error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."'}
URL: https://api.box.com/2.0/users***phone number removed for privacy***/folders/0
Method: PUT
Context Info: NoneThis corresponds to a request sent today, July 2, at 3:15pm EST. The client ID is o7or2lm976x0s5adtou5z8tuxf777c7f.
-
Thanks so much for the info! In order for this call to be successful you will need to change the application scope to "enterprise" and ensure the "manage users" scope is enabled. After making these changes, ensure you re-authorize the application in the admin console and obtain a new token.
Please sign in to leave a comment.
Comments
3 comments