
OAuth2 with JWT Can not access all files and folder


  • Vancoding

    I'm still working through figuring out the authentication details related to apps, but if you look carefully at the descriptions for Application and Enterprise in the Configuration > Application Access section of your app configuration, note that Application provides access "only to the service account and any app users and content created by your app."

     

    It's my understanding that Enterprise access allows access to existing users and content, but there is no way to restrict an app's scope - it's either all users or none. That's my understanding at least.

  • Jason

    Hi  and !

     

    Great questions - I replied to Sundeep in a support ticket, and I'm happy to share my answer here too (I should've done that in the first place!)

     

    I think you're just missing the concept of users on Box. Each user (including the service account that was created by the JWT login) only has access to their own files. More specifically, users have to either own the content or have a collaboration object for them to the object. I recommend looking over collaborations here:
     
    Service Accounts (what you know as the "JWT login"):
     
    and the rest of our documentation at that page on how Box works. Additionally, it's helpful to try things out in the web application to test various features. That way, you can see how things visually work before working with them strictly via API.

    Hope that helps!
     
    Thanks,
    Jason
  • Jason

    An additional note is that a service account is effectively its own "user" with the permissions/scopes of the application at the time you authorized it in the admin console.

     

    For a JWT app, you don't scope the "token" to users, instead you would obtain an access token for the user directly or use the as-user header.

     

    Edited by moderator to fix broken link. 

  • dschuler

    The link above in the comment by Jason62 generates a 404 error message.

     

    I have been struggling for some time to get JWT authentication working.  Is it supported or not?  If supported, it would be very helpful if the documentation links worked.  If not supported, references to it should be stricken from the documentation.

     

    Our use case would appear to be a good one for OAuth2 with JWT.  All content will be managed from within our app AND we use our own authentication system.

  • scottdodds

    Thanks  for letting us know the link was not working.

     

    Looks like the article moved or was updated – I think this is the new link: https://developer.box.com/docs/construct-jwt-claim-manually#section-performing-user-based-actions

     

    I'll go ahead and edit the solution above to include the new link.

     

    Let us know if that works for you!

  • dschuler

    The new link works fine.  Thank you.  I'll also check it on the page.

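The two routes named in Jason's second reply (an access token obtained for the user directly, or the as-user header), as an added example that is not from the thread or from Box's SDK. It builds the JWT claim sets with Python's standard library only; the client ID, enterprise ID, user ID and key ID are constructed placeholders, and the RSA signature is assumed to come from a crypto library.

```python
import base64, json, secrets, time

TOKEN_URL = "https://api.box.com/oauth2/token"  # Box token endpoint, used as "aud"
MAX_LIFETIME = 60  # exp may be at most 60 seconds ahead

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def build_claims(client_id, subject_id, sub_type, now=None, lifetime=45):
    """Claims for the service account (sub_type="enterprise", sub=enterprise ID)
    or for one specific user (sub_type="user", sub=user ID)."""
    if sub_type not in ("enterprise", "user"):
        raise ValueError("box_sub_type must be 'enterprise' or 'user'")
    if not 0 < lifetime <= MAX_LIFETIME:
        raise ValueError("lifetime must be between 1 and 60 seconds")
    now = int(time.time()) if now is None else now
    return {
        "iss": client_id,
        "sub": str(subject_id),
        "box_sub_type": sub_type,
        "aud": TOKEN_URL,
        "jti": secrets.token_hex(16),  # unique value per assertion
        "exp": now + lifetime,
    }

def signing_input(claims, key_id, alg="RS256"):
    """Return "header.payload", the string the app's RSA private key must sign.
    The signature itself is assumed to be produced by a crypto library."""
    header = {"alg": alg, "typ": "JWT", "kid": key_id}
    return ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                    for part in (header, claims))

def as_user_headers(service_account_token, user_id):
    """Second route: keep the service account token and name the user per request."""
    return {"Authorization": f"Bearer {service_account_token}",
            "As-User": str(user_id)}

# Constructed placeholder IDs, not real Box identifiers.
SERVICE = build_claims("CLIENT_ID_PLACEHOLDER", "1111", "enterprise", now=1_700_000_000)
USER = build_claims("CLIENT_ID_PLACEHOLDER", "2222", "user", now=1_700_000_000)
```

A token minted from `SERVICE` sees only what the service account owns or is collaborated on; one minted from `USER` sees that user's content.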
