
Hello,


I have a Box application that runs somewhere in a Kubernetes cluster. It needs to read a Box file that belongs to a physical Box user. The application was onboarded with JWT authentication and Box created a server account: AutomationUser@boxdevedition.com. I shared the file with this server account and it can see it when listing files. However, when trying to get the file content or download the file I get a 403 authorization error.


The organization does not allow the "App + Enterprise Access" configuration nor "Generate user token" access.


It seems strange that even when the file owner added the service user as a collaborator it still cannot read the content. Is there a way around this?

Hi @karamba



I wasn’t able to replicate your use case.



Consider the following:



I have a JWT app configured as:








Nothing else is selected


The app has been authorized by the admin.



I have a user who shared a folder with the service account with the viewer role, which allows preview and download.





The shared folder id in my case is 221109164857 and the file id you see in the folder is 1276909859528.



Consider this Python script:



```python
from boxsdk import JWTAuth, Client

SHARED_FOLDER = "221109164857"
SHARED_FILE = "1276909859528"


def main():
    auth = JWTAuth.from_settings_file(".jwt.config.json")
    client = Client(auth)

    # who am I
    user = client.user().get()
    print(f"\nCurrent user:\n{user.id} {user.name} ({user.login})\n")

    # list shared folder
    shared_folder = client.folder(folder_id=SHARED_FOLDER)
    items = shared_folder.get_items()
    print("\nShared folder contents:")
    for item in items:
        print(f"{item.type} {item.id} {item.name}")

    # download shared file
    shared_file = client.file(file_id=SHARED_FILE).get()
    with open(shared_file.name, "wb") as output_file:
        shared_file.download_to(output_file)
    print("Downloaded shared file")


if __name__ == "__main__":
    main()
```



And the result:



```
Current user:
27989824005 JWT RO (AutomationUser_2092751_iHzu1YkeCC@boxdevedition.com)


Shared folder contents:
file 1276909859528 EmptyDoc.docx
Downloaded shared file
```



It downloads fine.


This leads me to believe there is something else at play here.


Thank you @rbarbosa. That is actually exactly what I do. shared_folder.get_items() works OK. Initially it returns an empty list; after the human user shares files it lists them, so it does have access.


However, the shared_file.download_to part returns error 403 (insufficient privileges from Box).


I suspect the scopes are not set up properly on the admin site. Maybe our organization does not allow it but that would be silly. The file is explicitly shared.


Hi @karamba



It could be the file has been shared without including the download permission.


You can check for details by issuing a .get() on the file and checking its properties.



Another possibility is if the JWT application itself doesn’t have the write all files permission; this would prevent any download.



Note that this permission of the app does not mean that the app itself can write on files owned by other users, unless it is impersonating a user.



Cheers
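
The property check suggested in the reply above, as an added example that is not part of the original thread: it reads the `permissions` field of a file representation and explains why an item can be listed but not downloaded. The function name `diagnose_download` and the sample dictionaries are constructed for illustration, and the role names assume Box's standard collaboration levels.

```python
# Constructed sample data shaped like Box's GET /files/{id}?fields=name,permissions.
# Live equivalent with the thread's client (boxsdk):
#   client.file(file_id=SHARED_FILE).get(fields=["name", "permissions"]).response_object

# Collaboration roles that include download rights in Box's role model.
DOWNLOAD_ROLES = {"owner", "co-owner", "editor", "viewer uploader", "viewer"}


def diagnose_download(file_info, role=None):
    """Return (allowed, reason); allowed is None when it cannot be determined.

    file_info: dict form of a Box file that was requested with the permissions field.
    role: the service account's collaboration role on the item, if known.
    """
    perms = file_info.get("permissions")
    if perms is None:
        # permissions is not in the default representation; it must be requested.
        return None, "no permissions field: re-fetch with fields=['permissions']"
    if perms.get("can_download"):
        return True, "sharing permits download: look beyond the collaboration role"
    if role is not None and role.lower() not in DOWNLOAD_ROLES:
        return False, f"role '{role}' does not include download: ask for viewer or higher"
    if perms.get("can_preview"):
        return False, "preview-only access: the item is visible but not downloadable"
    return False, "neither preview nor download granted on this item"


# Constructed examples (not real API output).
SAMPLES = [
    ({"name": "EmptyDoc.docx", "permissions": {"can_download": True, "can_preview": True}}, "viewer"),
    ({"name": "EmptyDoc.docx", "permissions": {"can_download": False, "can_preview": True}}, "previewer"),
    ({"name": "EmptyDoc.docx", "permissions": {"can_download": False, "can_preview": True}}, None),
    ({"name": "EmptyDoc.docx"}, None),
]

if __name__ == "__main__":
    for info, role in SAMPLES:
        allowed, reason = diagnose_download(info, role)
        print(f"{info['name']} role={role}: allowed={allowed} ({reason})")
```

A result of `allowed=True` alongside a 403 on download means the sharing itself is not the blocker, which is the case where the app-level settings mentioned in the reply are worth checking.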

