First step: Picking the right authentication method
I am confused about what type of authentication to pick for my first app.
I want to perform some actions on the selected files.
The actions will be triggered in two ways:
- by selecting the files and dropping them on some desktop shortcuts; the shortcuts will execute a Python script and pass the list of filenames as arguments
- by selecting the files and picking one item on a customized File Explorer context menu
The actions executed by the app will include editing the files' metadata, editing the sharing options and changing the owner of the file from the logged-in user to an App user or from the App user back to the logged-in user (depending on what command is executed).
I have read the documentation about picking the auth type, but I still don't understand what direction to take.
It looks like I should go the OAuth way, because the action always starts from the desktop of a logged-in user, while JWT is used for server-to-server authentication. But I tried following the guide and it talks about a redirectURI, as if the authentication started from a server.
What is the correct approach for an app with these requirements?
Where can I find a working example of both JWT and OAuth authentication?
-
Hi
Thanks for reaching out to the Box Community! While I can't tell you absolutely which auth type you should use, I can provide some further information for you about what happens when your app makes calls with those two auth types.
A JWT app will always make its calls through a special type of user called a Service Account. The app could make use of an As-User tag to impersonate another user, but fundamentally, it starts the call with a request being sent out from that service account.
An OAuth 2 Standard app, however, makes its calls from the user who allowed access to the app with the Authentication process. The redirectURL is an integral part of this process. It's important to note that JWT apps must be explicitly approved by an admin from the Admin Console in order to work in a Box enterprise, whereas OAuth 2 Standard apps must only be allowed to function in the enterprise (depending on security settings), and will be authorized by the user themselves to access content and make calls as the user. It's also important to note that only OAuth 2 Standard apps can be listed in the Box App Store.
It sounds like your best bet for your use case would be OAuth 2 Standard, but either option would probably be just fine for what you're building. Let us know if you have other questions, and thanks for your post on the Developer Forum!
Cheers,
Braden
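The redirect URI confusion in the question is the usual stumbling block for a desktop script: OAuth 2 Standard still needs somewhere for the browser to land after the user clicks "Grant access". The added example below (my own illustration, not code from Box or from either poster) shows how a Python desktop script can act as that landing spot by listening once on the loopback interface, and how the `state` parameter is checked before the returned code is exchanged for tokens. Assumptions: the loopback URI `http://127.0.0.1:8080/callback` has been registered as the app's redirect URI in the Box Developer Console, the client ID and secret are supplied through environment variables, and the `post` hook exists only so the exchange step can be exercised without network access. The two endpoint URLs are Box's public OAuth 2 endpoints.

```python
"""Authorization-code flow for a desktop script, with a one-shot loopback
listener for the redirect and a state check before the code is used."""
import hmac
import json
import secrets
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Box OAuth 2 endpoints (public, from the Box developer documentation).
AUTHORIZE_URL = "https://account.box.com/api/oauth2/authorize"
TOKEN_URL = "https://api.box.com/oauth2/token"


def build_authorize_url(client_id, redirect_uri, state=None):
    """Return (url, state). `state` is random, kept locally and compared when
    the browser comes back, so a forged redirect cannot hand us someone else's code."""
    state = state or secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urllib.parse.urlencode(params), state


def parse_redirect(redirect_url, expected_state):
    """Pull the authorization code out of the URL the browser was sent back to."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(redirect_url).query)
    if "error" in query:
        raise PermissionError(query["error"][0])  # user declined or app misconfigured
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state, expected_state):
        raise ValueError("state mismatch: redirect discarded")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("redirect carried no authorization code")
    return code


def wait_for_redirect(port=8080):
    """Serve exactly one request on 127.0.0.1:<port> and return the URL it hit.
    This is the whole 'server' a desktop app needs for the redirect step."""
    captured = {}

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            captured["url"] = f"http://127.0.0.1:{port}{self.path}"
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.end_headers()
            self.wfile.write(b"Authorization received; you can close this tab.")

        def log_message(self, *args):  # keep the console quiet
            pass

    with HTTPServer(("127.0.0.1", port), Handler) as server:
        server.handle_request()
    return captured["url"]


def _http_post(url, body):
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()


def exchange_code(code, client_id, client_secret, redirect_uri, post=None):
    """Trade the one-time code for an access/refresh token pair.
    `post(url, body) -> bytes` is injectable (assumption for offline testing)."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
    }).encode()
    token = json.loads((post or _http_post)(TOKEN_URL, body))
    if "access_token" not in token:
        raise RuntimeError(f"token endpoint returned no access_token: {token}")
    return token


def run_flow(client_id, client_secret, port=8080, open_browser=print):
    """Full desktop flow: show the URL, catch the redirect, verify state, exchange."""
    redirect_uri = f"http://127.0.0.1:{port}/callback"
    url, state = build_authorize_url(client_id, redirect_uri)
    open_browser(url)  # a real script would call webbrowser.open(url)
    code = parse_redirect(wait_for_redirect(port), state)
    return exchange_code(code, client_id, client_secret, redirect_uri)


if __name__ == "__main__":
    import os
    tokens = run_flow(os.environ["BOX_CLIENT_ID"], os.environ["BOX_CLIENT_SECRET"])
    print("access token expires in", tokens.get("expires_in"), "seconds")
```

The calls the script then makes run as the user who granted access, which is what the answer above describes for OAuth 2 Standard. The refresh token returned by the exchange should be stored with the same care as a password (OS credential store rather than a plain file), since anyone holding it can keep minting access tokens as that user.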