Server Side OAuth 2.0 Authentication without Internet Browser
Is there any way to authenticate using OAuth 2.0 without an Internet Browser? I wanted to authenticate through this instead of Server JWT Authentication, but it wasn't clear to me whether this was possible without the use of a user interface.
-
The short answer to this one is that the OAuth 2 flow will require the user validation with the redirect. The OAuth 2 / JWT flow is the correct one to use to bypass the need for a browser and redirect.
I've seen a few instances where a traditional OAuth 2 flow can be used without a browser. The first instance is when using it for a two-legged flow (without the user). This is typically used to basically track usage and rate limits for the application when there is no privileged user information in the mix. Since Box applications typically deal with core users and enterprises, this one is not one we support like that.
The other method that I have seen is to use a pre-validated access token, which would typically be granted to highly trusted and vetted applications (almost extensions of the company itself). There is typically some way of granting access to these applications in another way. This is not something that we support in that flow either.
With all of that said, JWT is the best way to bypass the authentication / browser piece, as the identity requirements are handled through another authentication method that you define in the flow.
Hope that helps,
Jon
Please sign in to leave a comment.
Comments
1 comment