Hi @user205 ,
Most likely you are using a JWT or CCG configured application for which the underlying security context is the service account of the application.
You have several options to go around this:
- Use OAuth 2.0 and work with the user security context
- Using the JWT or CCG, authenticate with your user, typically use
box_subject_type = user
and the box_subject_id = your_user_id
, as opposed to subject type of enterprise and your enterprise id. Your application security configurations need to have the Generate user access token
selected.
- Share the content uploaded by the service account with your user.
Let us know if this helps
Best regards
I’m using JWT for the connections. I didn’t understand what I was supposed to do.
Here’s the code I’m using for the connection:
auth = JWTAuth.from_settings_file(‘C:/Users/077103869/Downloads/1153595375_rgd6y011_config.json’)
And this is the file :
{
“boxAppSettings”: {
“clientID”: “”,
“clientSecret”: “”,
“appAuth”: {
“publicKeyID”: “”,
“privateKey”: “”,
“passphrase”: “”
}
},
“enterpriseID”: “1153595375”
}
Hi,
I’m not sure which SDK are you using, I’m assuming python, but which one, the classical or the generated?
Anyway for the generated SDK, consider this code:
def main():
config = ConfigJWT()
jwt = JWTConfig.from_config_file(
config_file_path=config.jwt_config_path,
token_storage=FileWithInMemoryCacheTokenStorage(
".ent" + config.cache_file
),
)
auth = BoxJWTAuth(jwt)
client = BoxClient(auth)
me = client.users.get_user_me()
print(f"\nHello, I'm {me.name} ({me.login}) n{me.id}]")
auth = auth.as_user(config.jwt_user_id)
client = BoxClient(auth)
me = client.users.get_user_me()
print(f"\nHello, I'm {me.name} ({me.login}) n{me.id}]")
auth = auth.as_user("29598695136")
client = BoxClient(auth)
me = client.users.get_user_me()
print(f"\nHello, I'm {me.name} ({me.login}) n{me.id}]")
auth = auth.as_enterprise(config.enterprise_id)
client = BoxClient(auth)
me = client.users.get_user_me()
print(f"\nHello, I'm back to {me.name} ({me.login}) n{me.id}]")
if __name__ == "__main__":
main()
Executing it produces this:
Hello, I'm JWT (AutomationUser_1827756_bs5C1GfCgv@boxdevedition.com) o20130487697]
Hello, I'm Rui Barbosa (barduinor@gmail.com) o18622116055]
Hello, I'm Test APP User (AppUser_1841316_WPijcZsfjv@boxdevedition.com) o29598695136]
Hello, I'm back to JWT (AutomationUser_1827756_bs5C1GfCgv@boxdevedition.com) o20130487697]
For the classic python SDK, it is very similar.
from boxsdk import JWTAuth, Client
auth = JWTAuth.from_settings_file('/path/to/settings.json')
client = Client(auth)
service_account = client.user().get()
print(f'Service Account user ID is {service_account.id}')
user_to_impersonate = client.user(user_id='USER_ID_GOES_HERE')
user_client = client.as_user(user_to_impersonate)
current_user = user_client.user().get()
print(f'Current user ID is {current_user.id}')
Let us know if this helps
Cheers
When executing the code you passed me it gives me the following error:
Service Account user ID is 32503240531
“GET https://api.box.com/2.0/users/me” 403 217
{‘Date’: ‘Wed, 13 Mar 2024 21:01:51 GMT’, ‘Content-Type’: ‘application/json’, ‘x-envoy-upstream-service-time’: ‘82’, ‘box-request-id’: ‘0173ee255635dd28190ed20304d27057d’, ‘cache-control’: ‘no-cache, no-store’, ‘strict-transport-security’: ‘max-age=31536000’, ‘Via’: ‘1.1 google’, ‘Alt-Svc’: ‘h3=“:443”; ma=2592000,h3-29=“:443”; ma=2592000’, ‘Transfer-Encoding’: ‘chunked’}
{‘code’: ‘—ions’,
‘help_url’: ‘http://developers.box.com/docs/#errors’,
‘message’: ‘Access denied - insufficient permission’,
‘request_id’: ‘66lgfthnq1vgm8r5’,
‘status’: 403,
‘type’: ‘error’}
What permission would I need to enable?
Ah yes, forgot to mention that…
In the developer sonsole, in your app under the configurations tab, make sure:
The app access level is set to App+ Enterprise
And under the advanced features you have:
Since it is a JWT app remember to re-authorize after saving the changes:
Let us know if it worked
Cheers
I’ve been able to fix it. Thank you