Automating Access Token
My Box app is currently using JWT authentication but not able to upload the files or get the files from my account. For this app, the service account also got generated.
-
Hi Rakshita,
You're not giving us much to analyze...
Typically this situation means you are trying to access your personal folder using a service account, for which you have not specifically granted access to.
There are 2 options here, either you specifically grant access to the service account or you use the service account "as-user" flag and ask the service account to impersonate you, which is preferred.
Consider this example in python:
from boxsdk import JWTAuth, Client
from boxsdk.object.file import File
class CFG:
"""config class"""
JWT_CONFIG_FILE = ".jwt.config.json"
AS_USER = "18622116055"
PARENT_FOLDER_ID = "0" # folder id 0 is root folder
def get_box_client(as_user: bool = False):
"""get a box client"""
auth = JWTAuth.from_settings_file(CFG.JWT_CONFIG_FILE)
service_client = Client(auth)
if not as_user:
return service_client
user = service_client.user(CFG.AS_USER)
return service_client.as_user(user)
def print_items(items):
"""print items"""
print("\n")
print("Type\tID\tName")
print("----\t--\t----")
for item in list(items):
print(f"{item.type}\t{item.id}\t{item.name}\t")
def main():
"""main function"""
client = get_box_client(as_user=False)
# print current user info
user = client.user().get()
print(f"Current User: {user.name}\tid:{user.id}")
users = client.users()
for user in users:
print(f"User: {user.name}\tid:{user.id}\tlogin:{user.login}")
# list files in parent folder
items = client.folder(CFG.PARENT_FOLDER_ID).get_items()
print_items(items)
# client impersonating a user
client_as_user = get_box_client(as_user=True)
# print current user info
user = client_as_user.user().get()
print(f"Current User: {user.name}\tid:{user.id}")
# list files in parent folder
items = client_as_user.folder(CFG.PARENT_FOLDER_ID).get_items()
print_items(items)
if __name__ == "__main__":
main()
print("\n")
print("-" * 80)
print("All Done!")This will show you the service user (JWT app):
Current User: UI-Elements-Sample id:20344589936
The list all users visible to the service user (JWT app)
User: Administrator id:18662105676 login:AppUser_1715931_Il2dcyHuqu@boxdevedition.com
User: Administrator id:18662356345 login:AppUser_1715931_vt8XOps1Ff@boxdevedition.com
User: Administrator id:18661971368 login:AppUser_1715931_xSifhdw6W7@boxdevedition.com
User: Investment User id:22240548078 login:barduinor+inv@gmail.com
User: Wealth User id:22240405099 login:barduinor+we@gmail.com
User: Wholesale User id:22240545678 login:barduinor+wh@gmail.com
User: Rui Barbosa id:18622116055 login:barduinor@gmail.coman then list the service user (JWT app) contents of its root folder (0):
Type ID Name
---- -- ----
folder 177388203339 100k
folder 198947288178 aaaa
folder 172599089223 Bookings
folder 163422716106 Box UI Elements Demo
folder 189803765719 ClassificationService
folder 198775845609 JWT Folder for UI Sample Apps
folder 172611202270 My Signed Documents
folder 198948099055 Shared with RB
folder 170845975022 Waivers
folder 176837925976 WebhookHowever I'm interested in impersonating 18622116055 (Rui Barbosa), and that is what the below code does:
# client impersonating a user
client_as_user = get_box_client(as_user=True)with this method:
def get_box_client(as_user: bool = False):
"""get a box client"""
auth = JWTAuth.from_settings_file(CFG.JWT_CONFIG_FILE)
service_client = Client(auth)
if not as_user:
return service_client
user = service_client.user(CFG.AS_USER)
return service_client.as_user(user)Then when I ask who is the current user of the app, it becomes:
Current User: Rui Barbosa id:18622116055
And then I can list all his root files as if he is logged in:
Type ID Name
---- -- ----
folder 172759373899 Barduino User Folder
folder 172599089223 Bookings
folder 162833533610 Box Reports
folder 163422716106 Box UI Elements Demo
folder 191176042455 Bulk Upload
folder 189803765719 ClassificationService
folder 195808887286 Customers
folder 199899255193 Exact Match
folder 185583279315 Internal Only Folder
folder 184121760895 it@plastimould.com - Managed User A's Files and Folders
folder 184901009434 malware-test-files
folder 191494027812 Media Samples
folder 156592455267 My Box Notes
folder 157064745449 My Sign Requests
folder 157065079893 My Signed Documents
folder 165803865043 Preview Samples
folder 172796453399 Shared Folder Public
folder 172797684789 Shared Folder Test
folder 172800574368 Shared with JWT
folder 198948099055 Shared with RB
folder 169427162522 UI Elements Demo
folder 199908799409 Uploads
file 1010742636771 This is a box note.boxnote
web_link 22625801630 Shared Folder - GBP Order FormsOf course this also depends on how your JWT app is configured.
Hope this helps, let us know.
Best regards
サインインしてコメントを残してください。
コメント
1件のコメント