Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Application access to the user's content

New post

Comments

3 comments

  • Peter Christensen

    Hi Ruslan

    For three legged OAuth 2 apps where the user explicitly grants permissions to the app you will receive an access token and refresh token. The access token is valid for 60 minutes and the refresh token for 60 days. Each time you use the refresh token to get a new access token you will also get a new refresh token so the user will not have to re-authorise until you need a new refresh token (assuming you store the tokens locally)
    For more info: https://developer.box.com/guides/authentication/tokens/refresh/

    For a server side (JWT or Client Credentials Grant), the admin of the Box instance will have to approve the app but after this you can access content without the individual users explicit permission. By default the server side application will authenticate as a service account. To allow the app to interact with the content of specific users you can either: 

    1. Add the service account as a collaborator on the content. https://developer.box.com/reference/post-collaborations/. You can get the login name of the service account from the 'General Settings->Service account info' in the developer console for your app

    2. Use the 'As-User' header to impersonate the user. See https://developer.box.com/guides/authentication/jwt/as-user/ 

    3. Generate a token for the user and use this in API calls. See https://developer.box.com/guides/authentication/jwt/user-access-tokens/

    Hope this helps

    Best regards

    Peter Christensen, Platform Solutions Engineer, Box

    0
    Comment actions Permalink
  • Ruslan Shapovalov

    Hi, Peter Christensen

    Thanks for your reply!

    That’s what I understood from your answer, correct me if I am wrong.

    1. I’ve created server application as admin and can’t get any access to the user box content. The one and only way to share data is add the service account as a collaborator to get access to the user’s box content from the server (using NodeJs SDK) that is connected to the application.
    2. There is no way for user to share box content to the application, except inviting someone to group or adding as collaborator.

    I’ve faced with next problem: I’ve connected a created application to the SDK and API worked correctly, but I can’t find the way how to get access to the user’s box storage where my application would be able to perform reading/writing operations.

    Thanks in advance!

    Best regards

    0
    Comment actions Permalink
  • Peter Christensen

    Hi Ruslan

    1. Yes, if you have an application with a service account, then the only ways to get access are the ones I outlined: Add as collaborator, use As-User header or use User Token

    2. Correct

    Normally you would be expected to add the service account as a collaborator via the API. If you want to add the service as a collaborator via the UI, you need to copy the service account login details from the developer console app details and paste into the share dialog. 

    Rgds,

    Peter

    0
    Comment actions Permalink

Post is closed for comments.