Can't get java download files example to work

New post



  • jcleblanc

    Hi ,


    This is most likely due to who the access token is scoped for. My guess is that you've set up a JWT application and are trying to download the root folder from your personal user account. The problem is that when you authenticate a JWT application as an admin client (example here) your access token is scoped for the service account, which is the application file / folder structure (info here) and not your user account. What you'll want to do instead is scope the access token for the user that owns the files / folders that you're trying to access. This process is broken down here.


    Basically, instead of this line:

    BoxDeveloperEditionAPIConnection api = BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(config);


    We'd do something like this for the user we want to access:

    String userId = "12345";
    BoxDeveloperEditionAPIConnection api = new BoxDeveloperEditionAPIConnection.getAppUserConnection(userId, config)


    Comment actions Permalink
  • dsn1

    Thank you ,

    When I change as you suggest, and use what I think is my account id (from my account settings page), I get this on the connect
    invalid_request - Cannot obtain token based on the enterprise configuration for your app

    This is how I created the app
       Create New App
          Custom App
             OAuth 2.0 with JWT
                Give it a name and Create

    Then I went to configuration and did "Generate a Public/Private Keypair"
    "Generate User Access Tokens" is on (and I don't think I changed it)

    Maybe I should start over and explain what I need to do, and let you suggest the correct approach.

    All I need to do is allow my Java application to download files from Box.

    Preferably, these files would be in user's spaces, and I would prompt them for their box credentials and file id (via a web UI not associated with Box). But since we're part of an enterprise account, using SSO, I understood that I can't pass through credentials.

    Alternatively, I thought I could allow them to add files to my space, which I could access via my service account, without needing credentials.

    I'm sure I'm just not understanding something fundamental.

    Please advise, and thanks again!

    Comment actions Permalink
  • jcleblanc

    Hi ,


    Given what you're trying to do, let me break down a few approaches.


    Allowing users to log in to their Box accounts & give you a file ID

    If this is the approach you're looking for, I would actually scrap the JWT application and use the standard OAuth 2 approach. JWT will allow your app to work on behalf of other users, creating users behind the scenes, etc., but if all you want to do is have folks log in and access their files, OAuth 2 is best. Essentially the approach for this app type is:

    1. User comes to your app, you redirect them to Box to log in and grant your application permission to access their files.
    2. Once logged in, Box redirects the user back to your application.
    3. Your app generates an access token that is scoped specifically for that user that logs in, allowing you to access their files / folders.

    Here's a guide on setting that up.


    Allow them to add files to my space, which I could access via my service account, without needing credentials

    This approach will use the JWT application type. I think the previous issue you were running into with this might have something to do with one of these:

    • The users that you can access with this app type have to belong to your enterprise Box instance.
    • On the application configuration, you'll need to select the "enterprise" access setting as opposed to "application". This allows you to access those Box users in your enterprise.

    You can certainly just use your service account to upload all files and folders. The one warning I'll throw out there is that most of our rate limits apply on a "per user" basis. In Box world, a service account is treated like a user account, meaning that if you are pushing all users to use that single service account then all of the traffic for the app has to fit within the rate limits for a single user.


    Also if you want to go down this route, we do have an uploader UI tool available to make things a bit easier.


    Hope that helps with some guidance, but happy to answer any other questions you may have.


    - Jon

    Comment actions Permalink
  • dsn1

    Thanks Jon,


    Regarding allowing users to login and allow my app to access their files, I'm not sure it can work, since it appears that I have to give it a redirect URI where my app will accept the auth code, and in my case, that URI would be inside my company firewall, and not reachable by Box. If there is a way around that, is the access token that is ultimately created permanent? Can I store that and use it for that user the next day, year, forever?

    Regarding allowing them to add files to my service space, I really don't want to do that either, given the limitations you outline.

    I'm really struggling to understand why the example I'm following on the Box developer site isn't working "out of the box". I don't doubt that it's due to some misconfiguration of the application on my part, but I'm at a loss to understand what that is. I created the app in my own account, and have given it a folder id in my account (same one where I am "admin" and have given the app access), and it doesn't work as stated in my first post. Even if I went the "add files to my space" route, I don't see how it would act any differently than the fails I'm seeing now. Isn't a folder / file I added in my account in "my space"? If not, where do I get the folder id of "my space"?

    By the way, the "Email me when someone replies" box doesn't seem to work, as I haven't gotten any emails when you have replied.

    Thanks again. Sorry I'm apparently overly dense about this...

    Comment actions Permalink
  • dsn1

    Someone else suggested to me that I need to "share" the folder with the email address of my application. Is that so? How do I find the email address of my application?

    Comment actions Permalink
  • dsn1

    So yeah, all I was missing was that I hadn't shared the folder / file I was testing with the app. Sure would have been nice if the example Box documentation mentioned that little fact, and how to find the email address of the app! I discovered elsewhere that this is how to find the email in Java

    BoxDeveloperEditionAPIConnection client = BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(boxConfig);
    BoxUser user = BoxUser.getCurrentUser(client);
    BoxUser.Info userInfo = user.getInfo();

    And the login field of userInfo contains the email address.

    Once I gave that address to the share dialog on the folder and file, everything worked.

    Feel like I wasted a week of my life on this (not really, but very frustrating that the Box documentation is incomplete).

    Comment actions Permalink

Please sign in to leave a comment.