Getting currently logged in User with Enterprise App
Answered
We have an Enterprise App, which authenticates via JWT to Box for our enterprise. It's developed only for our enterprise's internal use. We are able to invoke AsUser to impersonate users successfully, if we know the UserID. We are designing this app so that any user who's already logged into Box (we use Okta) can load the app from an intranet URL, and access information about their account, files, etc.
The problem we are trying to solve is how to pass the information from the browser of who the currently logged in user is to the app. We are using the Box NodeJS SDK. Since this is being done with the enterprise app (JWT) we won't be using the OAuth protocol. Can this be done with our current setup, without writing a separate app (with OAuth) to be used as a go-between? Thank you.
-
What if I have absolutely nothing? I wouldn't trust an email address, some user could figure that out, and enter someone else's email address. It needs to figure out who the authenticated user is without any input whatsoever from the user, i.e. only from the browser session data. It also needs to be cross-browser (Chrome, IE, Firefox, etc.).
-
We use both oauth and jwt - https://github.com/kendomen/boxadmin/blob/master/app.js
https://github.com/kendomen/boxadmin
This is an example app that allows co-admins to run admin calls using jwt.
-
Thank you for a great example. I will look through this more. Am I understanding it correctly that you have two apps authenticating to box? A JWT and an OAuth app? From the dev console, it looks like you have to choose one authentication scheme or another, but not both. If this is true, you have the user login with the Express Passport-Box module (via the OAuth app), which then passes the user id info back to the nodejs server which uses a second app (JWT) to connect to the admin side of things. Am I far off?
-
You're right. I have 2 box applications used by one webapp.
We created this app to allow normal users (oauth) to be able to perform admin actions (jwt) because we needed to scale out our support team.
One is used to authenticate the user using oauth.
The other is used to perform actions that are beyond the authenticated user's scope.
An example of an action is "update email address".
To do that, there are these steps:
1. transfer content from the old user to the new user
2. delete the old user
3. add email alias
4. update the alias to be the primary email
5. remove email alias