Server Authentication usage

回答済み

フォローする

新規投稿

Steve DeBusschere

• 2021年08月09日 18:04

My app will be used by other Box customers to access their files. I am testing the custom app authentication options that will allow my app to access every user's files within an enterprise account. I created a "Server Authentication (Client Credentials Consent)" app registration and consented to the app from two different Box accounts (e.g. "A" and "B"). I found that it is possible for account "A" to access the files in account "B" by specifying the enterprise ID for account "B". Is there no way to use the same app registration for multiple Box accounts? What is the recommended practice to build a "multi-tenant" application?

0

• 正式なコメント

  

  Kourtney

  • 2021年08月10日 23:36

  Hey Steve, 

  When you create a grant using client credentials grant, a service account user is created as soon as the app is authorized in the Admin Console. When you specify the enterprise ID in the grant, you'll obtain an access token for this user by default. A service account will be created for the app in each EID the app is authorized in. You will not be able to access content in a non-managed user's account (aka a user in another enterprise). 

  Hope that helps, but let me know if you have any questions! 

  Best,

  Kourtney, Box Developer Advocate

  コメントアクション パーマリンク
• 

  Steve DeBusschere

  • 2021年08月11日 13:25

  Kourtney,

  If you change the enterprise ID to another Box account that has also authorized the app, you can see their content without knowing their login credentials. We tested this and was surprised that it was true.

  Steve

   

  0

  コメントアクション パーマリンク

サインインしてコメントを残してください。