Skip to main content
  • EN

Hello,


I have a box application that runs somewhere in Kubernetes cluster. It needs to read a box file that belongs to a physical box user, The application onboarded with JWT authentication and box created a server account: AutomationUser@boxdevedition.com. I shared the file with this server account and it can see it when listing files. However when trying to get the file content or downloading the file I get 403 authorization error.


The organization does not allow " App + Enterprise Access" configuration nor “Generate user token” access.


seems strange that even when the file owner added the service user as a collaborator it still cannot read the content. Is there a way around this ?

Hi @karamba



I wasn’t able to replicate your use case.



Consider the following:



I have a JWT app configured as:


image



image



Nothing else is selected


The app has been authorized by the admin.



I have a user which shared a folder with the service account with viewer role, which allow preview and download.



image



The shared folder id in my case is 221109164857 and the file id you see in the folder is 1276909859528



Consider this Python script:



from boxsdk import JWTAuth, Client





SHARED_FOLDER = "221109164857"


SHARED_FILE = "1276909859528"





def main():


    auth = JWTAuth.from_settings_file(".jwt.config.json")


    client = Client(auth)





    # who am I


    user = client.user().get()


    print(f"\nCurrent user:\n{user.id} {user.name} ({user.login})\n")





    # list shared folder


    shared_folder = client.folder(folder_id=SHARED_FOLDER)


    items = shared_folder.get_items()


    print("\nShared folder contents:")


    for item in items:


        print(f"{item.type} {item.id} {item.name}")





    # download shared file


    shared_file = client.file(file_id=SHARED_FILE).get()


    with open(shared_file.name, "wb") as output_file:


        shared_file.download_to(output_file)


    print("Downloaded shared file")





if __name__ == "__main__":


    main()


And the result:



Current user:


27989824005 JWT RO (AutomationUser_2092751_iHzu1YkeCC@boxdevedition.com)





Shared folder contents:


file 1276909859528 EmptyDoc.docx


Downloaded shared file


It downloads fine.


This leads me to believe there is something else at play here.

Thank you @rbarbosa . That is actually exactly what I do. shared_folder.get_items() works OK. Initially it returns empty list, after the human user shares files it lists them so it does have access.


However the shared_file.download_to part returns error 403 ( insufficient privileges from BOX)


I suspect the scopes are not set up properly on the admin site. Maybe our organization does not allow it but that would be silly. The file is explicitly shared.

Hi @karamba



It could be the file has been shared without including the download permission.


You can check for details by issuing a .get() on the file and check its properties.



Another possibility is if the JWT application it self doesn’t have the write all files permission, this would prevent any download.



Note that this permission of the app does not mean that the app it self can write on files owned by other users, unless it is impersonating a user.



Cheers

Reply


Terms & ConditionsCookie settings