"Server Authentication (with JWT)" versus "Server Authentication (Client Credentials Grant)"

Follow

New post

Steve DeBusschere

• August 09, 2021 14:58

My application needs to access all Box user accounts in the Box enterprise. I'm trying to decide whether to use "Server Authentication (with JWT)" or "Server Authentication (Client Credentials Grant)". Using JWT requires an additional public/private key. Is this authentication option more secure? When should I use one versus the other? 

0

• 

  Mr. Smith

  • October 04, 2021 12:58

  Could somebody at Box respond to this two-month-old question?

  0

  Comment actions Permalink
• 

  Steve DeBusschere

  • November 24, 2021 18:09

  This is pretty bad support...3 months without any response from Box.

  0

  Comment actions Permalink
• 

  Mr. Smith

  • November 24, 2021 20:05

  In hopes of getting attention from someone in Box's Support department, I wrote this today:

  https://support.box.com/hc/en-us/community/posts/4411241935379-Nobody-in-Box-Support-has-responded-to-our-support-request-from-three-months-ago

   

  0

  Comment actions Permalink
• 

  Chris Daniels

  • November 29, 2021 17:16

  Apologies for the delay Steve, and thanks for the call out Mr. Smith.
  
  It really depends on what your end goal is here. Both authentication options are secure, but JWT authentication is more suited for app users, or for users that don't have a Box account already.  Utilizing the Client Credentials Grant or Client Side authentication, is ideal for users that already have Box accounts and is the most user friendly.

  
  I recommend you take a look at our developer documentation that deals specifically with authentication. That documentation can be found here.

  0

  Comment actions Permalink

Please sign in to leave a comment.