"Server Authentication (with JWT)" versus "Server Authentication (Client Credentials Grant)"

新規投稿

2021年08月09日 14:58

My application needs to access all Box user accounts in the Box enterprise. I'm trying to decide whether to use "Server Authentication (with JWT)" or "Server Authentication (Client Credentials Grant)". Using JWT requires an additional public/private key. Is this authentication option more secure? When should I use one versus the other?

4件のコメント

Mr. Smith

2021年10月04日 12:58
Could somebody at Box respond to this two-month-old question?
0

コメントアクションパーマリンク
Steve DeBusschere

2021年11月24日 18:09
This is pretty bad support...3 months without any response from Box.
0

コメントアクションパーマリンク
Mr. Smith

2021年11月24日 20:05
In hopes of getting attention from someone in Box's Support department, I wrote this today:

https://support.box.com/hc/en-us/community/posts/4411241935379-Nobody-in-Box-Support-has-responded-to-our-support-request-from-three-months-ago
0

コメントアクションパーマリンク
Chris Daniels

2021年11月29日 17:16
Apologies for the delay Steve, and thanks for the call out Mr. Smith.

It really depends on what your end goal is here. Both authentication options are secure, but JWT authentication is more suited for app users, or for users that don't have a Box account already. Utilizing the Client Credentials Grant or Client Side authentication, is ideal for users that already have Box accounts and is the most user friendly.

I recommend you take a look at our developer documentation that deals specifically with authentication. That documentation can be found here.
0

コメントアクションパーマリンク

サインインしてコメントを残してください。