Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Box Status

Is it possible to access a shared external folder using JWT authentication?

Answered
Follow
New post
Arthur Duarte

Greetings,

I am trying to integrate our app with Box, so we could upload some files to an external folder, shared by a customer from their Box account. This folder is visible to our Box account as an External folder and is shared with my_user as an editor.

So far, we could create a first version of a custom app in our Box account, using the Python sdk. This app was configured with OAuth2.0 authentication and using a Developer token. Considering this, we could access this external folder and upload files to it, using our python code with oath2.0 client and developer token.

What we want now is a more automatic approach, without human interaction, so we won't need to generate this developer token every time.

For this, we modified our app using JWT authentication and impersonating the client as my_user (which should have access to this external folder). Now, our app can access the existing folders from our Box account, but when we try to access this external folder, it returns "404 - Not Found".

Can you guide me if do we need any extra configuration from this JWT client or in this external folder?

Here is our app configuration in Box developer console:

  • Authentication Method: OAuth2.0 with JWT
  • Application Access: Enterprise
  • Application Scopes: ( all options are checked )
  • Advanced Features:
  • Perform Action as Users - ON
  • Generate User Access Tokens - ON

(this app is already authorized by our admin after setting this configurations)

Here is a code sample:

auth = JWTAuth.from_settings_file('my_key_file.json')

access_token = auth.authenticate_instance()
client = Client(auth)

user_to_impersonate = client.user(user_id='<my_user_id>')
user_client = client.as_user(user_to_impersonate)

# root folder, we can access normally
root_folder = user_client.folder(folder_id='0').get()
print(f'Folder id = {root_folder.id} name {root_folder.name}') 
# works fine here...

# external folder, shared by our customer, which my_user can access as editor
ext_folder = user_client.folder(folder_id='<external_folder_id>').get()
print(f'Folder id = {ext_folder.id} name {ext_folder.name}') 
 
# returns error:
#   boxsdk.exception.BoxAPIException: Message: Not Found
#   Status: 404
#   Code: not_found
''
0

Comments

4 comments

Date Votes
  • Official comment
    Kourtney

    Hello Arthur, 

    External content cannot be accessed via the as-user header. Therefore, you will need to directly obtain an access token for the user. 

    Best,

    Kourtney

    Comment actions Permalink
  • Arthur Duarte

    Hi Kourtney, thanks for your answer.
    Do you know, how could I get this token for the user and how can I use it with a JWT authentication client?

    0
    Comment actions Permalink
  • Kourtney

    Arthur, 

    This is done in your JWT assertion. You'll want to set the box_sub_type=user and sub=userID you want the token for. 

    Best, 

    Kourtney

    1
    Comment actions Permalink
  • Arthur Duarte
    • Edited

    Hi Kourtney,
    This link that I your shared was very useful and I could move on with the JWT assertion.

    Specially the Code Samples section, where there is this github repo with complete code examples on how to use the JWT assertion, in my case using Python3:
    https://github.com/box-community/samples-docs-authenticate-with-jwt-api/blob/master/sample.3.py

    I just used this code and the modifications that you suggested for the token and it works, I can access and modify the external folder.

    Thanks a lot.




    0
    Comment actions Permalink

Please sign in to leave a comment.