Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Posibility to authenticate user via standard oauth via post in C#

New post

Comments

7 comments

  • jcleblanc

    Hi ,

     

    With standard OAuth 2 you will not be able to bypass the user login step. You're on the right track though, JWT will be the right method for you to use for that task.

     

    While it's true that when you first authenticate as the JWT application you will be able to access the service account files / folders, you can perform actions as other users in the enterprise or scope the access token to a specific user (like the OAuth 2 method) to access user files instead of the service account. There are two ways to do it:

    1. Scope the access token for the user
    2. Perform actions on behalf of a user

    I'd recommend #1 personally, since having an access token scopes for the user will allow you to downscope the token if you want to reduce the access permissions for security reasons.

     

    Hope that helps,

    Jon

    0
    Comment actions Permalink
  • BAILANDO

    Hi,

    thank you for your answer.

     

    I tried to create simple code only for authentication but im getting exception for null reference in this code, on line with token (sdk.UserToken). I found my id on account settings. What im doing wrong?

     

    private void BoxAuthenticate()
    {
    var reader = new StreamReader("320657095_jsndysht_config.json");
    var json = reader.ReadToEnd();
    var config = BoxConfig.CreateFromJsonString(json);

    var userId = "123xxxxxxxx";
    var sdk = new Box.V2.JWTAuth.BoxJWTAuth(config);
    var token = sdk.UserToken(userId);
    client = sdk.UserClient(token, userId);
    }

     

    0
    Comment actions Permalink
  • BAILANDO

    Now i tried to create app user with API and getting error about JSON deserialize exception

     

    private async void CreateAppUser()
    {
    var userParams = new BoxUserRequest()
    {
    Name = "App User 1",
    IsPlatformAccessOnly = true
    };
    BoxUser newUser = await client.UsersManager.CreateEnterpriseUserAsync(userParams);
    Console.WriteLine(newUser.Name);
    Console.WriteLine(newUser.Role);
    }
    0
    Comment actions Permalink
  • jcleblanc

    Hi ,

     

    Off hand your code seems perfectly fine. Can you post out the full error stack trace and which lines the error is being produced on? I have a recent code sample where I was creating app users with an Okta integration if you want to take a look (bottom of the sample). It's pretty well the same as what you have there though.

     

    With the additional information we can dig in further into the error. 

    0
    Comment actions Permalink
  • BAILANDO

    Hello,

    im sending screens of my code .

    JSON error appear when i tried to create app user into app, because app showing 0 app user (doing it with JWT admin token, it auth succesfully as service account, but cant create app user) and second is when i tried to login as user token, but here can be problem because i use user id for my account, not for app user because app user is not created yet. Application is configured for Application access, not enterprise, because we can't use enterprise access in our enviroment. UserId is edited while debugging, but exception is same with my id either.rider64_1Z457FkWRY.pngrider64_grdReaLFfG.pngrider64_ZJ2FsbcH37.png

    0
    Comment actions Permalink
  • BAILANDO

    Hello,

    any news please? 🙂

     

    I tried again to create JWT via user token access but still getting error.

    0
    Comment actions Permalink
  • BAILANDO

    Problem solved.

    For creating app user i just needed to switch application scope to enterprise scope, create app user, get login and id for new app user and then i can switch back to application scope and fetch data from box for folders and files where this app user is invited in sharing.

     

    Thank you for your help.

     

    Adam.

    0
    Comment actions Permalink

Please sign in to leave a comment.