Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Server side authentication without user interaction

New post

Comments

3 comments

  • jcleblanc

    Hi ,

     

    You're correct, JWT will be the way to go. This guide will walk you through the JWT process (includes Java samples) without the use of one of the SDKs.

     

    - Jon 

    0
    Comment actions Permalink
  • dandennhardt

    Hey  - I suspect you'll want to use what we refer to as "JWT Auth" in our documentation, which allows you to create an application that interacts with Box without involving an explicit user authorization step via browser.

     

    Since you aren't using our SDKs, the process of authenticating is a bit tricky, but our documentation should get you through it - see this page (which has code examples): https://developer.box.com/guides/authentication/jwt/without-sdk/

     

    I suggest you read the following before you get started:

    https://developer.box.com/guides/authentication/jwt/

    https://developer.box.com/guides/authentication/select/

     

    0
    Comment actions Permalink
  • j321

    Hi ,  

     

    Thanks for the references. I've went over them and I'm unsure if they can solve the issue I'm facing.

    If I understand correctly, in order to use the authentication flow with JWT and without user interaction, I need to use a public/private key pair. This in turn requires 2FA which means that I must enter a valid phone number. This is problematic as a user that is going to authorize the app does not always have a phone number configured.

     

    I'm trying to do server to server authentication. This should happen in the background without user involvement.

     

    Is there a way to authenticate without user interaction and without a phone number? I'm looking for a flow similar to:

    1. User creates an app that uses OAuth2.0 with JWT

    2. User provides my service a set of creds: client ID and client secret (and possibly something else)

    3. My service authenticates and gets a token to retrieve data from Box

    4. If the token expires, my service refreshes/creates a new token to retrieve data

     

    Thanks,

    J

     

    0
    Comment actions Permalink

Please sign in to leave a comment.