新しいBoxサポートサイトへようこそ。 変更点の詳細はこちらをご確認ください .

Re: How I can connect to OAuth2 from server-side script (without internet browser)?

新規投稿

コメント

11件のコメント

  • joexpert

    Hey Tony....when I follow your steps. I keep  getting

     

    curl https://app.box.com/api/oauth2/token...

     

    response:

    {

    • error: "invalid_grant",
    • error_description: "The authorization code has expired"

    }

     

    I've made sure the to POST it (I did via

    I've also recreated the "client_secret" for my app (and then reran  "Authorization Code" step).

    Each time same result "invalid_grant"

     

    Please help... 🙂

    Thanks,

    Joel

    0
    コメントアクション Permalink
  • joexpert

    (I've already checked for "{" curly braces accidentally being used)

    according to this: 

    http://stackoverflow.com/questions/20937478/invalid-credentials-when-trying-to-obtain-box-api-tokens

     

    I need to setup certificate/security info.. do you have any help with that? 

     

     

    0
    コメントアクション Permalink
  • joexpert

    Never mind...turns out I had an extra space in my "client_secret"

    0
    コメントアクション Permalink
  • tony-at-box

    Hi Joel,

     

    Glad to hear that you were able to sort it out! 🙂

     

    -Tony

     

    0
    コメントアクション Permalink
  • AakashRatkal

    Hi Tony,

    I went through the process you have described here. And I am able to make API calls using access tokens. Thank you very much for that. My question is, Can we bypass the manual grant access option by using enterprise SSO credentials? Or add users to my app in bulk without user actually doing it (With the Enterprise Administration Access)?

    Thank you for your response.

    0
    コメントアクション Permalink
  • sudhavasiraju

    Hi Tony

      Thank you for your detailed explanation. I followed those steps and able to access with retrieved access token. But, if I want to implement complete server-side solution without user interaction, as per my understanding, I need to save Access token and Refresh token on some flat file/DB (considering server downtime) and use refresh method every time by setting those values back to api connection. Is that correct? Or is there any otherway of doing it?

     

    Thanks

    Sudhakar

    0
    コメントアクション Permalink
  • setu01

    ok so there are couple more issues with this process though. You can keep your token and refresh token working for you as long as you have your application up and running, but as soon as you restart your application, it looses everything and you have to start all over again with browser login and grant permission. Also, second issue is that, if user that granted a permission, if their password expires, then it starts failing and you will have to have them login again and grant permission. There is just so many manual step involved unlike other saas provider like salesforce or netsuite does. Am I wrong on any of these?

     

    thanks

    -Samir

    0
    コメントアクション Permalink
  • finkej1

    I do our user provisioning from a set of Oracle APEX apps.  Each call to the BOX API has the following call to set up the authentication (these happen to be for Oracle PL/SQL routines, but might be useful as a model)

     

    apex_web_service.g_request_headers.delete; -- Make sure we are clean
    apex_web_service.g_request_headers(1).name := 'Authorization';
    apex_web_service.g_request_headers(1).value := 'Bearer ' || Oauth_Maint.Get_Access_Token;

     

    Which brings us back to the "Get_Access_Token" function, which looks like:

     

    function Get_Access_Token(interface_name in varchar2 default 'BOX_Provision')
    return varchar2
    is
    sys sys_rec;
    time_left number;
    result varchar2(255);
    pragma autonomous_transaction;
    begin
    --
    -- Might want to consider doing an interface check here. Lets assume
    -- it was done at a higher level for now
    sys := sys_by_system_name(interface_name);
    if sys.system_name is null
    then
    raise_application_error(-20101,'Get_Access_Token - System name "' || interface_name || '" is not found.');
    end if;
    time_left := ( sys.access_expire - sysdate ) * 24 * 60; -- time left in minutes
    if nvl(time_left,0) < 2
    then
    result := Refresh_Token(sys);
    commit;
    return result;
    end if;

    --
    -- Now get the saved token
    sys.last_access := sysdate;
    sys := update_sys(sys);
    commit;
    return get_token(sys.token_directory, sys.system_name, Access_Suffix);
    end Get_Access_Token;

     

    The "sys_XXX" are a set of PL/SQL routines that provide access to a simple table that basically record the last time we refreshed a token.  If the token is "recent" enough, we return it, otherwise we record the "last access time" and get the Tokens from the database.  Note - the tokens are actually stored as files on the database server.

     

    This setup has been working since the fall, and as long as someone makes a BOX request at least once every 60 days, the token will be refreshed.  Since we syncronize groups a couple of times a day.

     

    If you are interested in seeing the full PL/SQL package, send an email to ***email address removed for privacy*** and ask for the "OAUTH_Maint" package, and I will send it back to you.

     

    0
    コメントアクション Permalink
  • Tony58

    Is it still the case or has it been updated? (Server side script without internet browser)

    0
    コメントアクション Permalink
  • Stan_

    Is this not valid anymore? I'm not getting "Authorization Code" on step #2, it just redirects me to "https://hidden.app.box.com/folder/0"

    0
    コメントアクション Permalink
  • Stan_

    I ended up using the following automated script for OAuth 2.0 with bash. If somebody interested: https://github.com/rooty0/box-oauth-uploader

    0
    コメントアクション Permalink

サインインしてコメントを残してください。