Insufficient scope for file upload in Python, using JWT

Answered
New post

Comments

11 comments

  • Alex Novotny

    Hi, 

    Are you using our Python SDK? What scopes does the app you created have? And How are you generating the token? 

    Alex, Box Developer Advocate

    0
    Comment actions Permalink
  • Roger Longenbach

    Hi Alex, yes the Python SDK.  Using the JWT token with the dev box created public/private key json rider file that I'm reading in the script.

    import boxsdk
    from boxsdk import Client, OAuth2, JWTAuth
    config = JWTAuth.from_settings_file('<file location>')
    client=Client(config)

     

    I have the scope to read and write all files stored in box, it has enterprise manage users/groups/properties (it's configured as an App + Enterprise Access) although I don't need to do anything with users, just uploading files from a local folder to a specific box folder on a regular basis.

     

    It's connecting fine, and I can find the folder via the script which was created by me in my enterprise, and I've given the service account multiple different permission levels, including co-owner (although uploader should be sufficient for what I need to do!) without success.

    0
    Comment actions Permalink
  • Alex Novotny

    I don't think you need to import OAuth2.... Refer to the instructions here

    Here's an example of uploading a file too!

    0
    Comment actions Permalink
  • Roger Longenbach

    I'll try not loading it and see if it makes any difference, but I am able to load the files into the same exact folder using the developer token 

     

    boxFile = client.folder(destboxFoldID).upload(newLeasePath,newLeaseFileName)  is what I'm using, after getting the variables loaded

    0
    Comment actions Permalink
  • Roger Longenbach

    Yeah, even without loading OAuth2 it still says the same error:

     

    [31m"OPTIONS https://api.box.com/2.0/files/content" 403 0
    {'Date': 'Wed, 16 Feb 2022 17:13:20 GMT', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'x-envoy-upstream-service-time': '145', 'www-authenticate': 'Bearer realm="Service", error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."', 'box-request-id': '11d1a55ebb8f28241e0e7eb0025227341', 'strict-transport-security': 'max-age=31536000'}
    b''
    [0m

     

    I can get the Box folder info ok with the token, here is my latest test script (had to double check there wasn't private info)

    import boxsdk
    from boxsdk import Client, JWTAuth
    from boxsdk.exception import BoxAPIException
    config = JWTAuth.from_settings_file('C:\\YardiPython\\79150963_5qcdz3aj_config.json')
    client=Client(config)
    root_folder=client.folder('154957528460')
    print(root_folder.get())
    cur_user=client.user().get()
    print(cur_user)
    boxItems = client.folder(folder_id='0').get_items()
    for boxItem in boxItems:
        boxFoldName = boxItem.name
        boxFoldId = boxItem.id
        print(boxFoldName,boxFoldId)
        if boxFoldName == 'BLVD Leases':
            destboxFoldID = boxFoldId
    print(destboxFoldID)
    try:
        box_file = client.folder(destboxFoldID).upload('C:\\YardiFileExtract\\Attachment_name.pdf', preflight_check=True)
    except BoxAPIException:
        pass

     

    0
    Comment actions Permalink
  • Alex Novotny

    Did you happen to make any changes to the application permissions? And if so, did you reauthorize the application in the admin console after? I will review the code you sent in. 

    0
    Comment actions Permalink
  • Roger Longenbach

    I didn't make any changes to the rights before getting it authorized

    0
    Comment actions Permalink
  • Alex Novotny

    So I tested your code, and it worked for me.... It looks like the settings for App + Enterprise Access didn't get approved by the admin based on what I'm seeing on the backend. Can you have the admin reauthorize it? 

    0
    Comment actions Permalink
  • Roger Longenbach

    Thanks, I've reached out!

    0
    Comment actions Permalink
  • Roger Longenbach

    Alex, it's working now, thanks!

    0
    Comment actions Permalink
  • Alex Novotny

    Whew! I was getting worried that something was seriously broken. :) Glad it's working. 

    0
    Comment actions Permalink

Please sign in to leave a comment.