As a side note, I tried next to 1) create a user, and 2) impersonate a user. However, I got permission denied for both. I went into the console and checked the boxes to “Make API calls using the as-user header” and “Generate user access tokens”. Then, I went to re-authorize my app, but when I clicked to re-submit for authorization, I got the lovely error message that an unexpected error occurred. I refreshed, closed out and re-entered, and tried reducing the new permissions I was requesting, but got the same error reach time. Any ideas here?
Hi @trevor , welcome to the forum!
You are on the right track.
When using a JWT or CCG application, Box creates a service account user, and default to that user.
You can check who by hitting the me
end point. for example:
def main():
auth = JWTAuth.from_settings_file(".jwt.config.json")
auth.authenticate_instance()
client = Client(auth)
user = client.user().get()
print(f"User: {user.id}:{user.name}")
The service account user is like any other user and content must be explicitly shared for it to access. This explains why you don’t see the same content on the root folder.
When you use the developer token, it is associated with the user who creates it, so you can see that user content.
I see that you are using the classic SDK, you should try the new Next Gen SDK.
For the classic SDK, login with user (requires the generate user access token):
app_user = service_account_client.user(user_id='APP_USER_ID')
app_user_auth = JWTAuth(
client_id='YOUR_CLIENT_ID',
client_secret='YOUR_CLIENT_SECRET',
user=app_user,
jwt_key_id='YOUR_JWT_KEY_ID',
rsa_private_key_file_sys_path='CERT.PEM',
rsa_private_key_passphrase='PASSPHRASE',
store_tokens=your_store_tokens_callback_method,
)
app_user_auth.authenticate_user()
app_user_client = Client(app_user_auth)
Impersonate with the as-user
header:
user_to_impersonate = client.user(user_id='USER_ID_GOES_HERE')
user_client = client.as_user(user_to_impersonate)
You are on the right track to have the service account impersonate or login as any user, however the error is unexpected. Is it persistent? Can you try again?
Let us know
Hello! Thank you very much for responding to my question. I am still seeing the same issue when I try to re-submit my app for approval. I have shut my machine down, refreshed the page, played with flipping on and off various permissions, etc, but still getting the same error. Any ideas? Thank you for the callout on the next gen SDK. I tried using the code that you sent over, but I got the error that InvalidGrant: Please check the 'sub' claim...
. I’m guessing this is likely because my service account doesn’t have permissions to generate access tokens/users?
Thank you again for helping me out with this, it is very much appreciated!
@trevor , I’m going to ask you to submit a support case:
https://support.box.com/hc/en-us/community/topics/360001934573-Support-Forum
You need to be logged in into some box account to do this.
Hopefully this wont take long
@trevor ,
As a hail mary, would you mind trying to create another app from scratch, and see how that goes?
I was able to create a new app and have pushed it up for review.
Support said they could only help with logins without a paid support plan 😢. Too bad, because I really do think this is a bug. Oh well… hopefully my new app will work instead.
Hi @trevor
Looks like you are unblocked and moving forward. Perfect!
You should be able to create a support ticket from the link I posted above, with or without a paid account.
I keep a personal free account to have the same experience as a developer rather than an employee. When I navigate to the link above and login with my free account I see this:
Click the new post button, to create a new support post.
Let us know if this helps
The new account was able to give me access to download the files. I am set now and can access what I need to. Thank you so much for your help!
This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.