0
votes

I'm currently working on a Rails 5.2 application where I'm using the Formstack form service. Formstack makes use of Box for its storing services. I started using the Boxr gem to interact with the Box API.

To create a client you will need a developer token.

client = Boxr::Client.new('{BOX_DEVELOPER_TOKEN}')

However, this BOX_DEVELOPER_TOKEN expires every 60 minutes. So I decided to use JWT for authentication.

So I generate the token the following way:

token = Boxr::get_enterprise_token(
  private_key: ENV.fetch('JWT_PRIVATE_KEY'),
  private_key_password: ENV.fetch('JWT_PRIVATE_KEY_PASSWORD'),
  public_key_id: ENV.fetch('JWT_PUBLIC_KEY_ID'),
  enterprise_id: ENV.fetch('BOX_ENTERPRISE_ID'),
  client_id: ENV.fetch('BOX_CLIENT_ID'),
  client_secret: ENV.fetch('BOX_CLIENT_SECRET')
)

This is what I then pass to generate the client:

client = Boxr::Client.new(token)

This creates the client:

#<Boxr::Client:0x000055fd60abb7e8
 @access_token={"access_token"=>"xxxxxxxxxxxxxxxx", "expires_in"=>3782, "restricted_to"=>[], "token_type"=>"bearer"},
 @as_user_id=nil,
 @client_id="xxxxxxxxxxxxxxx",
 @client_secret="xxxxxxxxxxxx",
 @enterprise_id="xxxxxxxxxxxxx",
 @identifier=nil,
 @jwt_private_key=
  "-----BEGIN ENCRYPTED PRIVATE KEY-----xxxxxxxxxxxxxx",
 @jwt_private_key_password="xxxxxxxxxxxxxxx",
 @jwt_public_key_id="xxxxxxxxxxxxxx",
 @refresh_token=nil,
 @token_refresh_listener=nil>

However, when I try to retrieve a folder by the ID I get an error which I didn't get when I passed the BOX_DEVELOPER_TOKEN to create the client.

folder = client.folder_from_id("12345678")

Boxr::BoxrError: 404: Not Found
from /usr/local/bundle/gems/boxr-1.4.0/lib/boxr/client.rb:239:in `check_response_status'

In enterprise settings I gave access to the application by providing the API TOKEN. I'm not sure why I cannot get the folder. When I go to the folder ID, the folder is there and in the developer console, I have admin access. Any help?


1 Answer

1
votes

The behavior you're seeing is due to the fact that your Developer Token authenticates the caller as your own personal user account, but when using JWT Authentication the API calls are made as a special Service Account which represents the application itself. These accounts do not by default have access to the same content; any folders you wish to share between them must either be explicitly collaborated, or the Service Account must be permitted to impersonate the user account that owns the folder. You can read more about this topic at https://developer.box.com/v2.0/docs/service-account
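
The identity distinction described in this answer is visible in the JWT assertion that gets exchanged for an access token. The following is an added example, not code from the original post or from the Boxr gem: it builds assertions in Box's JWT claim layout (`sub` plus `box_sub_type`) with a throwaway key generated in-process, then verifies and decodes them. The helper names `box_assertion` and `assertion_identity` and all placeholder IDs are assumptions made for illustration.

```ruby
require "openssl"
require "json"
require "securerandom"

BOX_TOKEN_URL = "https://api.box.com/oauth2/token"

def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(text)
  padded = text + "=" * ((4 - text.length % 4) % 4)
  padded.tr("-_", "+/").unpack1("m0")
end

# Build the signed assertion that is exchanged for an access token.
# sub_type "enterprise": token acts as the app's Service Account.
# sub_type "user": token acts as the one user named in sub.
def box_assertion(key:, key_id:, client_id:, sub:, sub_type:, now: Time.now)
  header = { alg: "RS256", typ: "JWT", kid: key_id }
  claims = { iss: client_id, sub: sub, box_sub_type: sub_type,
             aud: BOX_TOKEN_URL, jti: SecureRandom.hex(32),
             exp: now.to_i + 30 }
  signing_input = "#{b64url(header.to_json)}.#{b64url(claims.to_json)}"
  signature = key.sign(OpenSSL::Digest.new("SHA256"), signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Verify the RS256 signature, then report the identity being requested.
def assertion_identity(jwt, public_key)
  head, body, sig = jwt.split(".")
  valid = public_key.verify(OpenSSL::Digest.new("SHA256"),
                            b64url_decode(sig), "#{head}.#{body}")
  raise ArgumentError, "signature check failed" unless valid
  claims = JSON.parse(b64url_decode(body))
  { type: claims["box_sub_type"], subject: claims["sub"] }
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key
  common = { key: key, key_id: "KEY_ID_PLACEHOLDER", client_id: "CLIENT_ID_PLACEHOLDER" }
  app  = box_assertion(**common, sub: "ENTERPRISE_ID_PLACEHOLDER", sub_type: "enterprise")
  user = box_assertion(**common, sub: "USER_ID_PLACEHOLDER", sub_type: "user")
  p assertion_identity(app, key.public_key)
  p assertion_identity(user, key.public_key)
end
```

An enterprise-type assertion yields a token for the Service Account, which is why the folder lookup returns 404 until the folder is shared with that account or the request is made on behalf of the owning user.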