JWT Authentication used to access API for admins and co-admins
Answered
The problem we're trying to solve:
We are currently trying to use standard OAuth 2.0 (user authentication) to collect, from an entire enterprise, the files/folders/metadata of any selected user in the account. But the problem we're running into is that when we create a co-admin and then use that account to authenticate with, they do not have access to other co-admins or even the admin.
Is there a better way to authenticate that would allow us to collect from everyone? Including the admin and co-admins. Currently we are using the As-User header to perform requests as users, but this header does not appear to work on admin-like accounts. We always get a 403, with an "access_denied_insufficient_permissions" error.
From looking around, it seems like https://developer.box.com/guides/authentication/jwt/user-access-tokens/ might be a viable option, but would this allow us to create access tokens for the admin/co-admins? This would be quite a big change for us to move to this type of authentication, so I want to make sure before we start to move to it.
Thank you!
-
Hi ,
Co-admins will not be able to 'as-user' as the primary admin or any co-admin as far as I know. This is for security purposes. JWT applications will have a service account that is similar to an admin account and can utilize the as-user header for co-admins and/or generate user access tokens.
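As an added example (not part of the original thread and not Box's own code), this builds the JWT assertion and token request that the user-access-token guide linked in the question describes. Claim names and the token endpoint follow Box's JWT documentation; the IDs, the key ID and the caller-supplied `sign` function (an RSA signer over the app's private key) are assumptions.

```python
import base64, json, secrets, time
from urllib.parse import urlencode

TOKEN_URL = "https://api.box.com/oauth2/token"
MAX_LIFETIME = 60  # Box caps exp at 60 seconds past issue time

def b64url(data: bytes) -> str:
    """Base64url without padding, as JWTs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def build_claims(client_id, subject_id, sub_type, now=None, lifetime=45):
    """Claims for one assertion. sub_type 'enterprise' yields a service-account
    token (sub = enterprise ID); 'user' yields a token for that user ID."""
    if sub_type not in ("enterprise", "user"):
        raise ValueError("box_sub_type must be 'enterprise' or 'user'")
    if not 0 < lifetime <= MAX_LIFETIME:
        raise ValueError("assertion lifetime must be 1..60 seconds")
    now = int(time.time()) if now is None else now
    return {
        "iss": client_id,              # the app's client ID
        "sub": str(subject_id),
        "box_sub_type": sub_type,
        "aud": TOKEN_URL,
        "jti": secrets.token_hex(16),  # single-use nonce, 32 characters
        "exp": now + lifetime,
    }

def assemble(claims, key_id, sign, alg="RS256"):
    """Return header.payload.signature; sign(bytes) -> bytes is supplied by the
    caller and must match alg (hypothetical hook, not a Box API)."""
    header = {"alg": alg, "typ": "JWT", "kid": key_id}
    msg = ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                   for part in (header, claims))
    return msg + "." + b64url(sign(msg.encode("ascii")))

def token_request_body(assertion, client_id, client_secret):
    """Form body to POST to TOKEN_URL in exchange for an access token."""
    return urlencode({
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "assertion": assertion,
        "client_id": client_id,
        "client_secret": client_secret,
    })

if __name__ == "__main__":
    # Constructed sample values; no network call is made.
    print(build_claims("CLIENT_ID_PLACEHOLDER", 123456, "user"))
```

The private key and client secret behind `sign` can mint tokens for whichever users the app is authorised for, so they warrant the same protection as admin credentials.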