CLI command tokens:get does not work.

Hi 17402190421523

The problem you are having in this case, seems to be that you have not authenticated your BoxCLI with Box yet.

In order to do that, you can follow this instruction: https://developer.box.com/guides/cli/cli-docs/jwt-cli/ . It will help you get started with BoxCLI using JWT authentication.
Just keep in mind that, after authenticating with BoxCLI, you don't need to get the token for each time you run a command, as your request will be authenticated by JWT configuration.

If you have any other questions, just let us know.

Best,
Minh Nguyen Cong

I originally setup CLI using a OAuth 2.0 (User or Client Authentication) as suggested by the QuickStarts article.

After switching to a OAuth 2.0 with JSON Web Tokens (Server Authentication) App, I can get back a token.  However, using this token I do not get any items when query the root folder (id = 0).  Any suggestion?  The same query using the Developer token from the same app does not have any problems listing the files and folders in the root folder.

Hi 17284731864723

Please aware that if you are authenticating using OAuth 2.0, it means that you are using your user account for every command. But if you are authenticating using JWT, you will use an App Account when call the command, and this account will have separate storage, login, permission, ... from your user account.

So in this case, if your app granted the permission to "Make API calls using the as-user header" in the JWT App configuration page, you can append this flag  `--as-user=user-id` to the command, then the command will be run as some specific user but not by the App User anymore.

Example:

box folders:items 0 --as-user=123456

Best,
Minh

Thanks for a quick response.  That makes sense.  However, I could not get it to work.  First I went to the App's General Settings and get the UserID from there (this user ID and enterprise ID are the same for all custom apps).  Then went to the App's Configuration, checked the box "Make API calls using the as-user header", clicked Save Changes, and waited 10 mins or so.  I tried the command below:

box folders:items 0 --as-user=19054*******

And get this error:
Unexpected API Response [403 Forbidden | mbdmythew46m6r94.0e4dd9bdb8ead9b372af717f4ed91e72] access_denied_insufficient_permissions - Access denied - insufficient permission

Hi 17284731864723

You can try to create a new public / private key pair, generate the JSON config file, then add it into BoxCLI again. I think it will work.

Best,

Minh

Apparently, the token has very limited scopes even in the App Account (not the as-user).  I could not create folders/files/... Even though on the Configuration page, "Read all...", "Write all...", etc are selected.  Please advice:

C:\Users\test>box folders:create 0 "Level2"
Unexpected API Response [403 Forbidden | .075ce3c65b8298fbae27498286733bed7]

Screenshot of configuration:

Hi 17284731864723

Here is a few things you can try to check it:
- Get the current user information to see if you are authenticated as correct user by

box  users:get

In case it return something like error 403, it means that the JWT you are using is invalid at this moment, and you should generate and import the new config file.

- When you changed something in the Configuration pages, I recommend you to remove the previous public key (red button on your screenshot), and generate new Public/Private keypair. Download the new JSON config file. Then use this command to add it to BoxCLI.

box configure:environments:add PATH --name=profile-name

- Then set the new added profile as default profile using:

box configure:environments:set-current profile-name

If it still does not work for you, just let me know.

P.s: Maybe you can try the option "Generate user access tokens" also.

All ready tried recreating the pair.  Will try to create a new App next.

Box users:get work fine.

Type: user
ID: '262708******'
Name: VIGeneral001
Login: AutomationUser_204****_******@boxdevedition.com
Created At: '2023-06-06T21:47:02-07:00'
Modified At: '2023-06-07T15:35:32-07:00'
Language: en
Timezone: America/Los_Angeles
Space Amount: 10737418240
Space Used: 0
Max Upload Size: 2147483648
Status: active
Job Title: ''
Phone: ''
Address: ''
Avatar URL: 'https://app.box.com/api/avatar/large/2627*****'
Notification Email: []

"box folders:items 0" works, but return no files/folders.

So it's working as expected, as I mention before here: https://support.box.com/hc/en-us/community/posts/17420467407891/comments/17495916543635 

You can put --as-user flag to the command to get the files of other users.

No, nothing seems to work.  --as-user does not work.  

Worse, we cannot modify anything under even the app own App Account. 
To be sure, we deleted all the existing apps.  Deleted all configuration:environments.  Reboot the computer.  Created and setup a brand new App.  Add a new environment.  But still no go.  Please see the CLI output below:

C:\Users\test>box configure:environments:get
No environment(s) exists

C:\Users\test>box configure:environments:add C:\Projects\VI\portal\portal-box\Jun12_config.json --name=jun12
Successfully added CLI environment "jun12"

C:\Users\test>box configure:environments:set-current jun12
The jun12 environment has been set as the default

C:\Users\test>box configure:environments:get
Jun12:
    Client ID: ****
    Enterprise ID: '****'
    Box Config File Path: 'C:\Projects\VI\portal\portal-box\Jun12_config.json'
    Has Inline Private Key: true
    Private Key Path: null
    Name: jun12
    Default As-User ID: null
    Use Default As-User: false
    Cache Tokens: true

C:\Users\test>box users:get
Type: user
ID: '****'
Name: TestJun12
Login: AutomationUser_****_****@boxdevedition.com
Created At: '2023-06-12T16:04:02-07:00'
Modified At: '2023-06-12T16:04:22-07:00'
Language: en
Timezone: America/Los_Angeles
Space Amount: 10737418240
Space Used: 0
Max Upload Size: 2147483648
Status: active
Job Title: ''
Phone: ''
Address: ''
Avatar URL: 'https://app.box.com/api/avatar/large/****'
Notification Email: []

C:\Users\test>box users:get
Type: user
ID: '****'
Name: TestJun12
Login: AutomationUser_****@boxdevedition.com
Created At: '2023-06-12T16:04:02-07:00'
Modified At: '2023-06-12T16:04:22-07:00'
Language: en
Timezone: America/Los_Angeles
Space Amount: 10737418240
Space Used: 0
Max Upload Size: 2147483648
Status: active
Job Title: ''
Phone: ''
Address: ''
Avatar URL: 'https://app.box.com/api/avatar/large/****'
Notification Email: []

C:\Users\test>box folders:items 0
(no output here)

C:\Users\test>box folders:create 0 Dir001
Unexpected API Response [403 Forbidden | .013885b37fe6a7ea0d34bbe8fe0fb92f4]

C:\Users\test>box files:upload C:\temp\test001.txt
Unexpected API Response [403 Forbidden]

Below is the app configuration which shows "Read all.." and "Write all..." are enabled.

Hi,

Can you just following this tutorial, I think you still missing the step to Submit your App to the Enterprise Admin and authorise your app from Admin page.
https://developer.box.com/guides/cli/cli-docs/jwt-cli/#authorize-the-application

In the same time, you should change to App + Enterprise Access in App Access Level if you want to access content of other user in your enterprise.

The previous screenshot does not show it, but that was the settings for the previous app.  Below are the output and new setup after creating a new pair and reload the environment.  Still could not add anything to the root folder.

box configure:environments:delete jun12
The jun12 environment was deleted

box configure:environments:add C:\Projects\VI\portal\portal-box\jun12_new_config.json --name=newjun12
Successfully added CLI environment "newjun12"

box configure:environments:get
Newjun12:
    Client ID: ****
    Enterprise ID: '****'
    Box Config File Path: 'C:\Projects\VI\portal\portal-box\jun12_new_config.json'
    Has Inline Private Key: true
    Private Key Path: null
    Name: newjun12
    Default As-User ID: null
    Use Default As-User: false
    Cache Tokens: true

box users:get
Type: user
ID: '****'
Name: TestJun12
Login: AutomationUser_****@boxdevedition.com
Created At: '2023-06-12T16:04:02-07:00'
Modified At: '2023-06-12T16:04:22-07:00'
Language: en
Timezone: America/Los_Angeles
Space Amount: 10737418240
Space Used: 0
Max Upload Size: 2147483648
Status: active
Job Title: ''
Phone: ''
Address: ''
Avatar URL: 'https://app.box.com/api/avatar/large/****'
Notification Email: []

box folders:create 0 Dir002
Unexpected API Response [403 Forbidden | .0af1073e1bbb876bc40ec9d218106eae6]

The app has been authorized.  I believe "box users:get" will show something like "Could not do XYZ on device ABC..." when the app is not authorized.  See screenshot for the settings below: