response difference on JWT OAuth and standard OAuth
I created a custom App and used standard OAuth to get the contents of the folder after manually logging in via the API. I didn't authorize or do anything extra apart from setting the redirect URL, and it works fine (all the files and folders I've created manually are visible).
But I didn't want the user to log in manually, so
My first question is: can I log in via the standard OAuth API without explicitly logging in?
I didn't find any related info, so I created another custom app with JWT OAuth, generated a public-private key pair, gave it all the permissions and also authorized the custom app. Now when I hit the API I get a response, but it doesn't show any of the files and folders I had uploaded manually; it shows a different user ID.
What is causing this issue? Any guidance will be appreciated.
Standard OAuth response -
stdClass Object ( [type] => folder [id] => 0 [sequence_id] => [etag] => [name] => All Files [created_at] => [modified_at] => [description] => [size] => 19529911 [path_collection] => stdClass Object ( [total_count] => 0 [entries] => Array ( ) ) [created_by] => stdClass Object ( [type] => user [id] => [name] => [login] => ) [modified_by] => stdClass Object ( [type] => user [id] => xxx842 [name] => bla bla [login] => ***email address removed for privacy*** ) [trashed_at] => [purged_at] => [content_created_at] => [content_modified_at] => [owned_by] => stdClass Object ( [type] => user [id] => xxx842 [name] => bla bla [login] => ***email address removed for privacy*** ) [shared_link] => [folder_upload_email] => [parent] => [item_status] => active [item_collection] => stdClass Object ( [total_count] => 3 [entries] => Array ( [0] => stdClass Object ( [type] => folder [id] => xxx341 [sequence_id] => 1 [etag] => 1 [name] => snc_box_test_folder ) [1] => stdClass Object ( [type] => folder [id] => xxx189 [sequence_id] => 1 [etag] => 1 [name] => snc_test ) [2] => stdClass Object ( [type] => file [id] => xxx003 [file_version] => stdClass Object ( [type] => file_version [id] => xxx603 [sha1] => 1207fdf3d9b794254f174bla7baa856c06151f25 ) [sequence_id] => 0 [etag] => 0 [sha1] => 1207fdf3d9b794254f174bla7baa856c06151f25 [name] => lion-sample.webm ) ) [offset] => 0 [limit] => 100 [order] => Array ( [0] => stdClass Object ( [by] => type [direction] => ASC ) [1] => stdClass Object ( [by] => name [direction] => ASC ) ) ) )
JWT OAuth response -
stdClass Object ( [type] => folder [id] => 0 [sequence_id] => [etag] => [name] => All Files [created_at] => [modified_at] => [description] => [size] => 0 [path_collection] => stdClass Object ( [total_count] => 0 [entries] => Array ( ) ) [created_by] => stdClass Object ( [type] => user [id] => [name] => [login] => ) [modified_by] => stdClass Object ( [type] => user [id] => xxx989 ------------------- different id here [name] => snc_box_test1 [login] => ***email address removed for privacy*** ) [trashed_at] => [purged_at] => [content_created_at] => [content_modified_at] => [owned_by] => stdClass Object ( [type] => user [id] => xxx989 ------------------- different user id [name] => snc_box_test1 [login] => ***email address removed for privacy*** ) [shared_link] => [folder_upload_email] => [parent] => [item_status] => active [item_collection] => stdClass Object ( [total_count] => 0 [entries] => Array ( ) [offset] => 0 [limit] => 100 [order] => Array ( [0] => stdClass Object ( [by] => type [direction] => ASC ) [1] => stdClass Object ( [by] => name [direction] => ASC ) ) ) )
I am using PHP and currently I'm testing on localhost.
-
Hi, when you use JWT you don't authenticate as you, the managed user. Instead you are authenticated as a service account, which obviously does not have access to your files and folders.
You can use the as-user header to access your own files and folders.
https://developer.box.com/guides/authentication/jwt/as-user/
-
Thanks for the quick response.
I am using JWT without the SDK as there is no documentation for PHP in other methods (Reference); I'm following the sample code provided on the GitHub page, where they do not mention performing any such action, which is probably why I didn't do so.
Nevertheless, after your suggestion I used 'as-user' in the header, but it gives the following error - Message: Client error response [url] https://api.box.com/2.0/folders/0 [status code] 403 [reason phrase] Forbidden
Is there anything else I can do? Am I still missing something? Please respond _/\_
-
As suggested, I was authorizing as the enterprise, but to view, download or upload files I must have access as a user. I achieved success by using 'box_sub_type' as 'user' instead of 'enterprise' and passing {user id} instead of {enterprise id}.
Change this ↓↓

    // enterprise subject: the token represents the app's service account
    $claims = [
        'iss'          => $config->boxAppSettings->clientID,
        'sub'          => $config->enterpriseID,
        'box_sub_type' => 'enterprise',
        'aud'          => $authenticationUrl,
        'jti'          => base64_encode(random_bytes(64)),
        'exp'          => time() + 45,
        'kid'          => $config->boxAppSettings->appAuth->publicKeyID
    ];

to this ↓↓

    // user subject: the token represents the managed user whose files you want
    $userID = '123456';
    $claims = [
        'iss'          => $config->boxAppSettings->clientID,
        'sub'          => $userID,
        'box_sub_type' => 'user',
        'aud'          => $authenticationUrl,
        'jti'          => base64_encode(random_bytes(64)),
        'exp'          => time() + 45,
        'kid'          => $config->boxAppSettings->appAuth->publicKeyID
    ];
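To show the difference between the service-account subject described in the first reply and the user subject used in the fix above, here is an added example (not code from the thread or from Box) that builds and signs the JWT assertion for either subject type and the matching token-exchange body. It assumes $config follows the Box app-settings JSON shape used in the thread (boxAppSettings.clientID, clientSecret, appAuth.publicKeyID, appAuth.privateKey, appAuth.passphrase) and RS512 signing as in Box's sample code.

```php
<?php
// Added example (not from the original thread): one builder for both JWT subject types.
// Assumption: $config mirrors the Box app-settings JSON; the private key is passphrase-protected.

function base64url(string $data): string {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

// $subjectType is 'enterprise' (service account: its own, initially empty content tree)
// or 'user' (act as that managed user and see their files and folders).
function buildBoxAssertion(object $config, string $subjectType, string $subjectId): string {
    if (!in_array($subjectType, ['enterprise', 'user'], true)) {
        throw new InvalidArgumentException('box_sub_type must be enterprise or user');
    }
    $header = ['alg' => 'RS512', 'typ' => 'JWT',
               'kid' => $config->boxAppSettings->appAuth->publicKeyID];
    $claims = [
        'iss'          => $config->boxAppSettings->clientID,
        'sub'          => $subjectId,
        'box_sub_type' => $subjectType,
        'aud'          => 'https://api.box.com/oauth2/token',
        'jti'          => base64url(random_bytes(32)),   // unique per assertion
        'exp'          => time() + 45,                   // must expire within 60 seconds
    ];
    $json = JSON_UNESCAPED_SLASHES;
    $signingInput = base64url(json_encode($header, $json)) . '.' . base64url(json_encode($claims, $json));
    $key = openssl_pkey_get_private($config->boxAppSettings->appAuth->privateKey,
                                    $config->boxAppSettings->appAuth->passphrase);
    if ($key === false) {
        throw new RuntimeException('cannot load private key: ' . openssl_error_string());
    }
    $signature = '';
    if (!openssl_sign($signingInput, $signature, $key, OPENSSL_ALGO_SHA512)) {
        throw new RuntimeException('signing failed');
    }
    return $signingInput . '.' . base64url($signature);
}

// POST body for https://api.box.com/oauth2/token; identical for both subject types.
function tokenRequestBody(object $config, string $assertion): array {
    return [
        'grant_type'    => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        'assertion'     => $assertion,
        'client_id'     => $config->boxAppSettings->clientID,
        'client_secret' => $config->boxAppSettings->clientSecret,
    ];
}

// Usage (user ID is a placeholder): the enterprise assertion returns the service account's
// empty root folder, the user assertion returns that managed user's own content.
// $body = tokenRequestBody($config, buildBoxAssertion($config, 'user', '123456'));
```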