We have an Enterprise App, which authenticates via JWT to Box for our enterprise. It's developed only for our enterprise internal use. We are able to invoke AsUser to impersonate users successfully, if we know the UserID. We are designing this app so that any user who's already logged into Box (we use Okta) can load the app from an intranet url, and access information about their account, files, etc.
The problem we are trying to solve, is how to pass the information from the browser of who the currently logged in user is to the app. We are using the Box NodeJS SDK. Since this is being done with the enterprise app (JWT) we won't be using the OAuth protocol. Can this be done with our current setup, without writing a separate app (with oauth) to be used as a go-between? Thank you.
Please sign in to leave a comment.