JWT access token is not working to load root folder of Box
Answered
Hi Support.
ClientId: 2xbr8cf7p0xyu7n4xzc5qu0nv2sr6xor
ClientSecret: REDACTED
UserId: 17109425276
Enterprise Id: 843092337
I generated the access_token without the SDK, but the access_token is not working to load the root folder.
I just used the sample code from GitHub to get the access_token.
But the access_token is not working to load the root folder.
let key = {
  key: config.boxAppSettings.appAuth.privateKey,
  passphrase: config.boxAppSettings.appAuth.passphrase
}
// Note: this writes the private key, passphrase and client secret to the logs
console.log('config', config)
// We will need the authenticationUrl again later,
// so it is handy to define here
const authenticationUrl = 'https://api.box.com/oauth2/token'
try {
  let claims = {
    'iss': config.boxAppSettings.clientID,
    'sub': config.enterpriseID,
    'box_sub_type': 'enterprise',
    'aud': authenticationUrl,
    // This is an identifier that helps protect against
    // replay attacks
    'jti': crypto.randomBytes(64).toString('hex'),
    // We give the assertion a lifetime of 60 seconds
    // before it expires
    'exp': Math.floor(Date.now() / 1000) + 60
  }
  let keyId = config.boxAppSettings.appAuth.publicKeyID
  // Rather than constructing the JWT assertion manually, we are
  // using the jsonwebtoken library.
  let assertion = jwt.sign(claims, key, {
    // The API supports the "RS256", "RS384", and "RS512" algorithms
    'algorithm': 'RS256',
    'keyid': keyId,
  })
  console.log('assertion: ', assertion)
  // We are using the excellent axios package
  // to simplify the API call
  let accessToken = await axios.post(
    authenticationUrl,
    querystring.stringify({
      // This specifies that we are using a JWT assertion
      // to authenticate
      grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
      // Our JWT assertion
      assertion: assertion,
      // The OAuth 2 client ID and secret
      client_id: config.boxAppSettings.clientID,
      client_secret: config.boxAppSettings.clientSecret
    })
  )
    // Extract the access token from the API response
    .then(response => response.data.access_token)
} catch (error) {
  // Closes the excerpt's try block so it parses; same logging as the full handler
  console.log('Error get /getToken = ', error.message)
}
https://api.box.com/2.0/folders/0/items?fields=modified_at,name,extension&usemarker=true
Thank you
Justin
-
Official comment
Hi Justin,
I assume you are talking about this repo on GitHub.
I just tried downloading and using the code for the node sample. It worked for me. Did you make any changes to the code? Can you share the error you are seeing?
Thanks,
Alex, Box Developer Advocate
-
Thanks for your response.
I can generate access_token with node sample of this repo which you said.
I am using a Firebase function to make a backend API as follows:
const functions = require("firebase-functions");
const express = require('express');
const app = express();

const admin = require('firebase-admin');
admin.initializeApp();

const fs = require('fs')
const crypto = require('crypto')
const jwt = require('jsonwebtoken')
const axios = require('axios')
const querystring = require('querystring');

const config = JSON.parse(fs.readFileSync('config.json'))

function apiResponseData(bResult, msg, errType) {
  const repData = {
    'status': bResult,
    'result': msg,
    'errorType': errType
  };
  return repData;
}

// Get Access Token of Box
app.get('/boxToken', async (req, res) => {
  let key = {
    key: config.boxAppSettings.appAuth.privateKey,
    passphrase: config.boxAppSettings.appAuth.passphrase
  }
  // Note: this writes the private key, passphrase and client secret to the function logs
  console.log('config', config)
  // We will need the authenticationUrl again later,
  // so it is handy to define here
  const authenticationUrl = 'https://api.box.com/oauth2/token'
  try {
    let claims = {
      'iss': config.boxAppSettings.clientID,
      'sub': config.enterpriseID,
      'box_sub_type': 'enterprise',
      'aud': authenticationUrl,
      // This is an identifier that helps protect against
      // replay attacks
      'jti': crypto.randomBytes(64).toString('hex'),
      // We give the assertion a lifetime of 60 seconds
      // before it expires
      'exp': Math.floor(Date.now() / 1000) + 60
    }
    let keyId = config.boxAppSettings.appAuth.publicKeyID
    // Rather than constructing the JWT assertion manually, we are
    // using the jsonwebtoken library.
    let assertion = jwt.sign(claims, key, {
      // The API supports the "RS256", "RS384", and "RS512" algorithms
      'algorithm': 'RS512',
      'keyid': keyId,
    })
    console.log('assertion: ', assertion)
    // We are using the excellent axios package
    // to simplify the API call
    let accessToken = await axios.post(
      authenticationUrl,
      querystring.stringify({
        // This specifies that we are using a JWT assertion
        // to authenticate
        grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        // Our JWT assertion
        assertion: assertion,
        // The OAuth 2 client ID and secret
        client_id: config.boxAppSettings.clientID,
        client_secret: config.boxAppSettings.clientSecret
      })
    )
      // Extract the access token from the API response
      .then(response => response.data.access_token)
    return res.status(200).json(apiResponseData(true, accessToken, 0));
  } catch (error) {
    console.log('Error get /getToken = ', error.message);
    return res.status(500).json(apiResponseData(false, error.message, 4));
  }
});

exports.widgets = functions.https.onRequest(app);
So I can get the access_token with that API.
My API endpoint:
GET: https://us-central1-uvceed-ab506.cloudfunctions.net/widgets/boxToken
So I tried to load the root folder with the access_token (result) coming from the API.
Box API to load the root folder:
https://api.box.com/2.0/folders/0/items?fields=modified_at,name,extension&usemarker=true
But if I use the developer_token, I can see my items in the root folder.
So I am guessing my account configuration is wrong. Could you check? I shared the client_id, client_secret, user_id, etc. above.
Here is config.json
{
"boxAppSettings": {
"clientID": "2xbr8cf7p0xyu7n4xzc5qu0nv2sr6xor",
"clientSecret": REDACTED,
"appAuth": {
"publicKeyID": REDACTED,
"privateKey": REDACTED,
"passphrase": REDACTED
}
},
"enterpriseID": "843092337"
}
When I log the assertion, it looks like it's getting well.
Thanks
-
Thanks for the additional information.
This is happening, because the developer token is tied to the user account that requested the token, in this case info@uvceed.com.
When you used the node token generator, it is creating a token that is tied to the service account of the application you created. They are different users, and as such, have different content. You aren't getting results, because the service account doesn't own anything.
You can read more about the service account user type here.
Hope this helps.
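To make the distinction in the answer above concrete, the following added example (not part of the thread and not Box's sample code) builds the thread's claim set for two different subjects and decodes each assertion to show which principal the exchanged token would act as. The helper names, the throwaway key, the client ID and the `kid` are constructed; the `user` subject type is a Box JWT option the thread does not use, and it is assumed here that the app is authorized to request user tokens.

```javascript
const crypto = require('crypto')

const AUTH_URL = 'https://api.box.com/oauth2/token'
const b64url = (data) => Buffer.from(data).toString('base64url')

// Same claim set as the thread's code, with the subject made a parameter.
function buildClaims(clientId, subjectId, subjectType) {
  return {
    iss: clientId,
    sub: subjectId,
    box_sub_type: subjectType, // 'enterprise' or 'user'
    aud: AUTH_URL,
    jti: crypto.randomBytes(64).toString('hex'),
    exp: Math.floor(Date.now() / 1000) + 60
  }
}

// RS256-sign by hand so the example needs no npm packages.
function signAssertion(claims, privateKey, keyId) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: keyId }))
  const body = b64url(JSON.stringify(claims))
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${header}.${body}`), privateKey)
  return `${header}.${body}.${b64url(sig)}`
}

// Decode the payload (no signature check) and name the principal the
// exchanged access token will act as.
function describeSubject(assertion) {
  const parts = assertion.split('.')
  if (parts.length !== 3) throw new Error('not a compact JWT')
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'))
  const actsAs = claims.box_sub_type === 'enterprise'
    ? `service account of enterprise ${claims.sub}`
    : claims.box_sub_type === 'user'
      ? `user ${claims.sub}`
      : 'unknown subject type'
  return { actsAs, secondsLeft: claims.exp - Math.floor(Date.now() / 1000) }
}

// Constructed throwaway key and placeholder client ID / kid;
// the enterprise and user IDs are the ones quoted in the thread.
const { privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 })
const CLIENT_ID = 'client-id-placeholder'
const asEnterprise = signAssertion(buildClaims(CLIENT_ID, '843092337', 'enterprise'), privateKey, 'kid-placeholder')
const asUser = signAssertion(buildClaims(CLIENT_ID, '17109425276', 'user'), privateKey, 'kid-placeholder')

console.log(describeSubject(asEnterprise).actsAs)
console.log(describeSubject(asUser).actsAs)
```

Only the `sub` and `box_sub_type` claims differ between the two assertions, which is why a token that authenticates successfully can still return an empty root folder.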