Hello,
I have a box application that runs somewhere in Kubernetes cluster. It needs to read a box file that belongs to a physical box user, The application onboarded with JWT authentication and box created a server account: AutomationUser@boxdevedition.com. I shared the file with this server account and it can see it when listing files. However when trying to get the file content or downloading the file I get 403 authorization error.
The organization does not allow " App + Enterprise Access" configuration nor “Generate user token” access.
seems strange that even when the file owner added the service user as a collaborator it still cannot read the content. Is there a way around this ?
How read user files
Hi @karamba
I wasn’t able to replicate your use case.
Consider the following:
I have a JWT app configured as:
Nothing else is selected
The app has been authorized by the admin.
I have a user which shared a folder with the service account with viewer role, which allow preview and download.
The shared folder id in my case is 221109164857 and the file id you see in the folder is 1276909859528
Consider this Python script:
from boxsdk import JWTAuth, Client
SHARED_FOLDER = "221109164857"
SHARED_FILE = "1276909859528"
def main():
auth = JWTAuth.from_settings_file(".jwt.config.json")
client = Client(auth)
# who am I
user = client.user().get()
print(f"\nCurrent user:\n{user.id} {user.name} ({user.login})\n")
# list shared folder
shared_folder = client.folder(folder_id=SHARED_FOLDER)
items = shared_folder.get_items()
print("\nShared folder contents:")
for item in items:
print(f"{item.type} {item.id} {item.name}")
# download shared file
shared_file = client.file(file_id=SHARED_FILE).get()
with open(shared_file.name, "wb") as output_file:
shared_file.download_to(output_file)
print("Downloaded shared file")
if __name__ == "__main__":
main()
And the result:
Current user:
27989824005 JWT RO (AutomationUser_2092751_iHzu1YkeCC@boxdevedition.com)
Shared folder contents:
file 1276909859528 EmptyDoc.docx
Downloaded shared file
It downloads fine.
This leads me to believe there is something else at play here.
Thank you @rbarbosa . That is actually exactly what I do. shared_folder.get_items() works OK. Initially it returns empty list, after the human user shares files it lists them so it does have access.
However the shared_file.download_to part returns error 403 ( insufficient privileges from BOX)
I suspect the scopes are not set up properly on the admin site. Maybe our organization does not allow it but that would be silly. The file is explicitly shared.
Hi @karamba
It could be the file has been shared without including the download permission.
You can check for details by issuing a .get() on the file and check its properties.
Another possibility is if the JWT application it self doesn’t have the write all files permission, this would prevent any download.
Note that this permission of the app does not mean that the app it self can write on files owned by other users, unless it is impersonating a user.
Cheers
Reply
Rich Text Editor, editor1
Editor toolbars
Press ALT 0 for help
Most helpful members this week
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.