Get permanent authorization for python code using the BoxSDK




  • Alex Novotny


    I think your grant_type is wrong. It shouldn't say client_credentials... it should be authorization_code like it says on the reference page... Can you try this and report back?


    Alex, Box Developer Advocate

  • Lukasz Socha

    You tried to do many things manually when the SDK already provides everything. I rewrote your Flask app to make it work. I added printing of all items in the root folder to make sure it works. If you have any questions or this code snippet doesn't work for you, let us know.

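    from boxsdk import OAuth2, Client
    from flask import Flask, request, redirect

    app = Flask(__name__)

    AUTH = OAuth2(
        client_id='YOUR CLIENT ID',
        client_secret='YOUR CLIENT SECRET'
    )

    # '/' as the entry route is an assumption; the callback path matches the redirect URL below.
    @app.route('/')
    def get_auth():
        # Send the browser to Box to approve access; Box then redirects to /oauth2callback.
        # csrf_token is the 'state' value Box echoes back; compare it with
        # request.args.get('state') in the callback before trusting the code.
        auth_url, csrf_token = AUTH.get_authorization_url('http://localhost:5000/oauth2callback')
        return redirect(auth_url, code=302)

    @app.route('/oauth2callback')
    def callback():
        # Exchange the authorization code from the redirect for access and refresh tokens.
        AUTH.authenticate(request.args.get('code'))
        client = Client(AUTH)

        root_folder = client.root_folder()
        list_of_items = ""
        for item in root_folder.get_items():
            list_of_items += f'{item.name}, '

        return list_of_items

    if __name__ == '__main__':
        app.run(port=5000)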
  • Santiago Oziel Torres Pavon

    Hi, thank you for replying, yes I actually got it working using the SDK, but I also ran into a bunch of issues after getting it to work.

    The auth_url that I got only worked sometimes.

    Sometimes I would get the correct window asking me for access to my Box files, but other times I got redirected to the Box main portal with a “We could not find what you were looking for” message.

    But even the times when it worked properly it was not exactly what I was looking for, as it only provided an hour-long access token as opposed to what I am looking for which is a bit more of a permanent solution.

    I tried getting the permanent access using a different method “RSA Keys”:

    from boxsdk import JWTAuth, Client

    config = JWTAuth.from_settings_file('Path to my config json file')
    client = Client(config)

    but as far as I can tell this only gives me access to the files that are on my (currently empty) Service account, not the ones in my main Box account where everything is located.

    What am I doing wrong? I just want my Python code to be able to download and upload files to my Box account, without me needing to give it permission each time, as the whole point of the code is for it to run without human intervention on a daily basis.

  • Lukasz Socha
    The problem you are experiencing may be due to the scope of the user model you are using. To clarify, Box has a couple of different user models that we use for different use cases:
    Service Account
    • A Service Account represents the application you created in a Box Enterprise. It can only be accessed programmatically similar to an App User, and a Service Account can also be used to create App User accounts. You can read more about Service Accounts here.
    App User
    • An App User is very similar to a Service Account in that they are accessed programmatically, but you can create multiple App User accounts. You can read more about App Users here.
    Managed Users
    • A managed user represents a member of an enterprise and has an associated login email/password. This is also your personal account. You can read more about managed accounts here.
    To bring it all back, we have a few different user models here. The Service Account that you are authenticating as is separate from your personal user account. Each user account has its own separate files and folders. You can access content in another managed account in a few ways:
    • Taking actions on behalf of user by authenticating As-User
    • Collaborating the account onto the content you want them to have access to.

    I think in your case making calls as user will be the best fit. This is a code snippet you can use:

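    from boxsdk import JWTAuth, Client

    # Authenticate as the app's Service Account using the JWT settings file
    config = JWTAuth.from_settings_file('path to config')
    client = Client(config)

    # Make subsequent calls on behalf of the managed user (as-user header)
    user_to_impersonate = client.user(user_id='your managed user id')
    user_client = client.as_user(user_to_impersonate)

    for item in user_client.root_folder().get_items():
        print(item.name)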

    Remember to set the proper scopes in the Dev Console, in the Configuration tab:

    • In the App Access Level section, select App + Enterprise Access
    • In the Advanced settings section, check the Make API calls using the as-user header checkbox

    Don't forget to save and submit your settings in the Authorization tab and then get admin approval.


Post is closed for comments.
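
An added pre-flight check for the settings file that `JWTAuth.from_settings_file` reads (example code, not part of any post in this thread and not Box's own). That file carries the app's client secret and RSA private key, and with App + Enterprise Access and the as-user header enabled it lets its holder act as managed users, so an unattended daily job can refuse to start when the file is readable by other accounts or is missing fields. The function names, the constructed placeholder values and the POSIX permission model are assumptions; the field names follow the layout of the config file downloaded from the Dev Console.

```python
import json
import os
import stat
import tempfile

# Field layout of the JWT settings file downloaded from the Box Dev Console.
REQUIRED = [
    ("boxAppSettings", "clientID"), ("boxAppSettings", "clientSecret"),
    ("boxAppSettings", "appAuth", "publicKeyID"),
    ("boxAppSettings", "appAuth", "privateKey"),
    ("boxAppSettings", "appAuth", "passphrase"), ("enterpriseID",),
]

def check_jwt_settings(path):
    """Return a list of problems; an empty list means the file is safe to load."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # The file holds a private key: only the owning account should have access.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} lets group/other access the key; use 0600")
    try:
        with open(path, encoding="utf-8") as fh:
            settings = json.load(fh)
    except ValueError as exc:
        return problems + [f"not valid JSON: {exc}"]
    for keys in REQUIRED:
        node = settings
        for key in keys:
            node = node.get(key) if isinstance(node, dict) else None
        if node is None or not str(node).strip():
            problems.append("missing or empty field: " + ".".join(keys))
    return problems

def make_sample(mode, drop_passphrase=False):
    """Write a constructed settings file (placeholder values only) for the demo."""
    app_auth = {"publicKeyID": "PLACEHOLDER", "privateKey": "PLACEHOLDER-PEM",
                "passphrase": "" if drop_passphrase else "PLACEHOLDER"}
    doc = {"boxAppSettings": {"clientID": "PLACEHOLDER", "clientSecret": "PLACEHOLDER",
                              "appAuth": app_auth}, "enterpriseID": "0"}
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(doc, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for path in (make_sample(0o644), make_sample(0o600, drop_passphrase=True), make_sample(0o600)):
        print(oct(os.stat(path).st_mode & 0o777), check_jwt_settings(path) or "ok")
        os.remove(path)
```

Call `check_jwt_settings(path)` before `JWTAuth.from_settings_file(path)` and abort the job if the returned list is not empty.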