response difference on JWT OAuth and standard OAuth

新規投稿

コメント

4件のコメント

  • bettaio

    Hi , when you use JWT you don't authenticate as you, the managed user. Instead you are authenticate as a service account, which obviously does not have access to your files and folders.

     

    You can use the as-user header to access your own files and folders.

     

    https://developer.box.com/guides/authentication/jwt/as-user/

    0
    コメントアクション パーマリンク
  • snc

     Thanks for the quick response. 
    I am using JWT without SDK as there is no documentation for php in other methods (Reference), I'm following the sample code provided in the GitHub page, where they do not mention to perform any such action that's probably why I didn't do so. 
    Nevertheless, after your suggestion I used 'as-user' in header, but it gives the following error - 

     

    Message: Client error response [url] https://api.box.com/2.0/folders/0 [status code] 403 [reason phrase] Forbidden

     

     Is there anything else I can do? Am I still missing something? Please respond _/\_

    0
    コメントアクション パーマリンク
  • snc

    As  suggested I was authorizing as enterprise but to view, download or upload files I must have access as a user. I achieved success by using 'box_sub_type'  as 'user' instead of 'enterprise' and passing {user id} instead of {enterprise id}. 

     

    Change this ↓↓

    $claims = [
    	  'iss' => $config->boxAppSettings->clientID,
    	  'sub' => $config->enterpriseID,
    	  'box_sub_type' => 'enterprise',
    	  'aud' => $authenticationUrl,
    	  'jti' => base64_encode(random_bytes(64)),
    	  'exp' => time() + 45,
    	  'kid' => $config->boxAppSettings->appAuth->publicKeyID
    	  ];

    to 

    this ↓↓

    $userID =  '123456';
    		
    $claims = [
    	  'iss' => $config->boxAppSettings->clientID,
    	  'sub' => $userID,
    	  'box_sub_type' => 'user',
    	  'aud' => $authenticationUrl,
    	  'jti' => base64_encode(random_bytes(64)),
    	  'exp' => time() + 45,
    	  'kid' => $config
          ];

     References - 

    0
    コメントアクション パーマリンク
  • bettaio

    That works as well. 👍🏻

    0
    コメントアクション パーマリンク

サインインしてコメントを残してください。