Welcome to the new Box Support website. Check out all the details here on what’s changed.

How to Collaborate JWT Service Account

Answered
New post

Comments

6 comments

  • thomastaylorjr

    Would the best way be to create an account with the JWT authentication, then use that user account? Am I misunderstanding how JWT Service accounts work?

    0
    Comment actions Permalink
  • Jason

    Hi , great question!

     

    Let's get the quick stuff out of the way - to find info on your service account, you can use the "Get Current User" method:
    https://github.com/box/box-python-sdk/blob/master/docs/usage/user.md#get-the-current-users-information

    current_user = client.user().get()

    This will give you back the standard set of user information like "login" and "user id".

     

    Giving access to your service account and content sounds like the part you're getting hung up on, and that's ok! I'm a visual learner, and working through permissions hierarchies was weird for me at first too.

     

    You don't need to create alternate box accounts or app users and collaborate them into each individual file. The most common way to achieve your desired end result is to invite the service account as a collaborator to the top-level folder, where the service account would then have access to the child folders. Since your app is rather restricted via its scopes, it won't be able to add itself to your select primary folders, so the easier way to do it is to invite the "login" of the service account as a collaborator to the primary folder via the UI on Box.com. If you used your own admin account, that would do the trick.

    For next steps, try this:

    • Get the login/user ID fields for your service account
    • In the UI, add the "login" for your service account as a collaborator to your primary folder (you said there's only a few, correct? If so this should be OK to do manually as a one-time operation. If you anticipate needing to access more primary folders on a programmatic basis, you might have to open up your scopes a bit).
    • Once your service account is a collaborator, you can then create your folder structure and upload a file / interact with that file.

    I hope that helps - please let me know how it goes!

     

    Thanks,

    Jason

    0
    Comment actions Permalink
  • thomastaylorjr

    Thank you ! Following your advice, I was able to confirm that I was authenticated as the service account user; however, in our environment, we add collaborators by email (searching by my app's name didn't work). After working with my Box admin a bit, he gave me just enough permissions to add an email alias to the App so that we could add it as an editor to specific folders. He revoked those permissions, and now I'm achieving my end goal of adding the box app as a collaborator to folders I have access to.

     

    Thanks for your help!

    0
    Comment actions Permalink
  • nathancday

    Hi , can you give any more details about "creating an email alias" for your service account. I am in a similar position where we use email-IDs to invite collaborators, but finding out how to do that with the service account has been a struggle.

    0
    Comment actions Permalink
  • ela3

     

     

    just like you here described: ’ The most common way to achieve your desired end result is to invite the service account as a collaborator to the top-level folder, where the service account would then have access to the child folders. ‘ 

    I also saw the answer of  in this question: JWT access folders and files

    He said there are two ways : 'The simplest way to gain access to a folder owned by another user is to either collaborate (share) that folder with the service account, or to explicitly authenticate as that user with the As-User header. ' 

    What I want is that this service account could access the content of this folder, which my box'account is co-owner of this folder. And I decided first try to share the folder with the service account. What I found on UI is, I could share the folder with adding Email address. But the service account I just know the user_id, not the Email address. Could you tell me more in detail how could I share a folder to a service account? Thanks! 

     

     

    0
    Comment actions Permalink
  • cbetta

    We'd advice using the actual API to add the user as a collaborator to the folder. But if you want you can use this API to get the current user's email https://developer.box.com/reference/get-users-me/

    0
    Comment actions Permalink

Please sign in to leave a comment.