response difference on JWT OAuth and standard OAuth

Comments

  • bettaio

    Hi, when you use JWT you don't authenticate as you, the managed user. Instead you are authenticated as a service account, which obviously does not have access to your files and folders.

     

    You can use the as-user header to access your own files and folders.

     

    https://developer.box.com/guides/authentication/jwt/as-user/

  • snc

    Thanks for the quick response.
    I am using JWT without the SDK, as there is no documentation for PHP in other methods (Reference). I'm following the sample code provided on the GitHub page, where they do not mention performing any such action; that's probably why I didn't do so.
    Nevertheless, after your suggestion I used 'as-user' in the header, but it gives the following error:

     

    Message: Client error response [url] https://api.box.com/2.0/folders/0 [status code] 403 [reason phrase] Forbidden

     

    Is there anything else I can do? Am I still missing something? Please respond _/\_

  • snc

    As suggested, I was authorizing as enterprise, but to view, download or upload files I must have access as a user. I achieved success by using 'box_sub_type' as 'user' instead of 'enterprise' and passing {user id} instead of {enterprise id}.

     

    Change this ↓↓

    $claims = [
    	  'iss' => $config->boxAppSettings->clientID,
    	  'sub' => $config->enterpriseID,
    	  'box_sub_type' => 'enterprise',
    	  'aud' => $authenticationUrl,
    	  'jti' => base64_encode(random_bytes(64)),
    	  'exp' => time() + 45,
    	  'kid' => $config->boxAppSettings->appAuth->publicKeyID
    	  ];

    to 

    this ↓↓

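    // ID of the Box user whose files and folders the token should reach
    $userID = '123456';

    $claims = [
    	  'iss' => $config->boxAppSettings->clientID,
    	  'sub' => $userID,
    	  'box_sub_type' => 'user',
    	  'aud' => $authenticationUrl,
    	  'jti' => base64_encode(random_bytes(64)),
    	  'exp' => time() + 45,
    	  // same key ID as in the enterprise claims above
    	  'kid' => $config->boxAppSettings->appAuth->publicKeyID
    	  ];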

     References - 

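The change described in the comment above, as an added PHP example that is not part of the thread or of Box's sample code: it builds and signs the assertion for both subject types without the SDK and decodes the claims so the subject can be checked before the token request. The client ID, key ID, enterprise ID and token URL are assumptions, the RSA key is a throwaway generated at run time, and `kid` is placed in the JWT header, where RFC 7515 defines it.

```php
<?php
// Added example. Client ID, key ID and subject IDs are constructed placeholders;
// the RSA key is generated at run time, so nothing here is sent to Box.
const TOKEN_URL = 'https://api.box.com/oauth2/token'; // assumed value of $authenticationUrl

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Build and RS256-sign the assertion for one subject type.
function boxAssertion($privateKey, string $clientId, string $keyId, string $subType, string $subject): string {
    if (!in_array($subType, ['enterprise', 'user'], true)) {
        throw new InvalidArgumentException("unsupported box_sub_type: $subType");
    }
    $header = ['alg' => 'RS256', 'typ' => 'JWT', 'kid' => $keyId];
    $claims = [
        'iss' => $clientId,
        'sub' => $subject,                  // enterprise ID or user ID, matching box_sub_type
        'box_sub_type' => $subType,
        'aud' => TOKEN_URL,
        'jti' => bin2hex(random_bytes(32)), // unique per assertion
        'exp' => time() + 45,               // short lifetime, as in the thread
    ];
    $input = b64url(json_encode($header)) . '.' . b64url(json_encode($claims));
    if (!openssl_sign($input, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('openssl_sign failed');
    }
    return $input . '.' . b64url($signature);
}

// Decode the claims segment of an assertion.
function claimsOf(string $jwt): array {
    $payload = explode('.', $jwt)[1];
    return json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
}

$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$publicPem = openssl_pkey_get_details($key)['key'];

// Constructed IDs: one enterprise subject, one user subject.
foreach ([['enterprise', '987654'], ['user', '123456']] as [$subType, $subject]) {
    $jwt = boxAssertion($key, 'constructed-client-id', 'constructed-key-id', $subType, $subject);
    [$h, $p, $s] = explode('.', $jwt);
    $sigOk = openssl_verify("$h.$p", base64_decode(strtr($s, '-_', '+/')), $publicPem, OPENSSL_ALGO_SHA256) === 1;
    $c = claimsOf($jwt);
    printf("%-10s sub=%s signature_ok=%s\n", $c['box_sub_type'], $c['sub'], $sigOk ? 'yes' : 'no');
}
```

Only `sub` and `box_sub_type` differ between the two assertions; the enterprise one authenticates as the service account, the user one as the user whose ID is in `sub`.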
  • bettaio

    That works as well. 👍🏻
