
Getting currently logged in User with Enterprise App


Comments (7)

  • tralston

    Let me further clarify that all we are looking to get is the UserID of the currently logged in user. Or if there's some other session/authentication token that is compatible with the BOX NodeJS SDK to identify a user that can then be impersonated with AsUser, that works too.

  • kendomen

    If you have an email, you can get the userId like this:

    // adminClient is a JWT (service account) client
    var email = 'ken.domen@nike.com';
    // filter_term matches on name or login, so confirm the hit is the exact login
    adminClient.enterprise.getUsers({filter_term: email}, function (err, data) {
            if (err) { return console.error(err); }
            if (!data.entries.length || data.entries[0].login !== email) {
                return console.log('no exact user match for ' + email);
            }
            var userId = data.entries[0].id;
            console.log(email + ": " + userId);
            // do whatever..
    });
  • tralston

    What if I have absolutely nothing? I wouldn't trust an email address, some user could figure that out, and enter someone else's email address. It needs to figure out who the authenticated user is without any input whatsoever from the user, i.e. only from the browser session data. It also needs to be cross-browser (Chrome, IE, Firefox, etc.).

  • kendomen

    We use both oauth and jwt - https://github.com/kendomen/boxadmin/blob/master/app.js

    https://github.com/kendomen/boxadmin

    This is an example app that allows co-admins to run admin calls using jwt.

  • tralston

    Thank you for a great example. I will look through this more. Am I understanding it correctly that you have two apps authenticating to box? A JWT and an OAuth app? From the dev console, it looks like you have to choose one authentication scheme or another, but not both. If this is true, you have the user login with the Express Passport-Box module (via the OAuth app), which then passes the user id info back to the nodejs server which uses a second app (JWT) to connect to the admin side of things. Am I far off?

  • kendomen

    You're right. I have 2 box applications used by one webapp.

    We created this app to allow normal users (oauth) to be able to perform admin actions (jwt) because we needed to scale out our support team.

    One is used to authenticate the user using oauth.

    The other is used to perform actions that are beyond the authenticated user's scope.

    An example of an action is "update email address".

    To do that, there are these steps:

         1.  transfer content from the old user to the new user
         2.  delete the old user
         3.  add email alias
         4.  update the alias to be the primary email
         5.  remove email alias

    (attached image: migrate-users.png)

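The two-app pattern described in this thread, as an added example that is not code from the thread or from the boxadmin repo: the caller's id is read from the OAuth session's own access token (never from a submitted email, which is the concern raised earlier), and only then does the JWT admin client impersonate it. `getBasicClient`, `users.get(CURRENT_USER_ID)` and `asUser` are box-node-sdk methods; the `sdk` and `adminClient` objects are assumed to come from the app's existing setup, and the fake objects at the bottom are constructed stand-ins so the flow runs offline.

```javascript
'use strict';
// Added example, not code from this thread or the boxadmin repo.
// The caller's Box id is taken from the OAuth session's own access token,
// never from anything the user types; only then does the JWT admin client
// impersonate that id. `sdk` is assumed to be a configured BoxSDK instance
// and `adminClient` a JWT client from the existing app setup.

async function resolveCallerAndImpersonate(sdk, adminClient, sessionAccessToken) {
  if (typeof sessionAccessToken !== 'string' || sessionAccessToken === '') {
    throw new Error('no OAuth access token in the session');
  }
  // Client bound to the user's own token: Box resolves CURRENT_USER_ID ("me")
  // from the token, so a visitor cannot point it at someone else's account.
  const userClient = sdk.getBasicClient(sessionAccessToken);
  const me = await userClient.users.get(userClient.CURRENT_USER_ID);
  if (!me || typeof me.id !== 'string') {
    throw new Error('could not resolve the caller from the session token');
  }
  // Admin-scoped calls made through this client now carry As-User: <id>.
  adminClient.asUser(me.id);
  return { userId: me.id, login: me.login, client: adminClient };
}

// Constructed stand-in for BoxSDK/BoxClient so the flow runs offline; the
// real box-node-sdk objects expose the same members used above.
const fakeSdk = {
  tokenOwners: { 'tok-alice': { id: '1001', login: 'alice@example.com' } },
  getBasicClient(token) {
    const owner = this.tokenOwners[token];
    return {
      CURRENT_USER_ID: 'me',
      users: {
        get: async (id) => {
          if (id !== 'me' || !owner) throw new Error('401 Unauthorized');
          return owner;
        },
      },
    };
  },
};
const fakeAdminClient = {
  impersonating: null,
  asUser(id) { this.impersonating = id; return this; },
};

resolveCallerAndImpersonate(fakeSdk, fakeAdminClient, 'tok-alice')
  .then((r) => console.log('caller', r.userId, 'admin acting as', r.client.impersonating))
  .catch((e) => console.error(e.message));
```

A token that Box does not recognise is rejected by the user's own client before any As-User call is made, which is the property the email-lookup approach could not give.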
  • tralston

    Thanks for the great explanation and example.

