Skip to main content
Question

Getting currently logged in User with Enterprise App

  • May 22, 2025
  • 7 replies
  • 37 views
C
Forum|alt.badge.img

We have an Enterprise App, which authenticates via JWT to Box for our enterprise. It's developed only for our enterprise internal use.  We are able to invoke AsUser to impersonate users successfully, if we know the UserID. We are designing this app so that any user who's already logged into Box (we use Okta) can load the app from an intranet url, and access information about their account, files, etc.

 

The problem we are trying to solve, is how to pass the information from the browser of who the currently logged in user is to the app. We are using the Box NodeJS SDK. Since this is being done with the enterprise app (JWT) we won't be using the OAuth protocol. Can this be done with our current setup, without writing a separate app (with oauth) to be used as a go-between? Thank you.

    7 replies

    C
    Forum|alt.badge.img

    Let me further clarify that all we are looking to get is the UserID of the currently logged in user. Or if there's some other session/authentication token that is compatible with the BOX NodeJS SDK to identify a user that can then be impersonated with AsUser, that works too.

    C
    Forum|alt.badge.img

    if you have an email, you can get the userId like this

     

    // adminClient is from jwt
adminAPIClient.enterprise.getUsers({filter_term: 'ken.domen@nike.com'}, function (err, data) {
        var userId = data.entries[0].id;
        console.log(email + ": " + userId)
        // do whatever..
});
    C
    Forum|alt.badge.img

    What if I have absolutely nothing? I wouldn't trust an email address, some user could figure that out, and enter someone else's email address. It needs to figure out who the authenticated user is without any input whatsoever from the user, i.e. only from the browser session data. It also needs to be cross-browser (Chrome, IE, Firefox, etc.).

    C
    Forum|alt.badge.img

    We use both oauth and jwt - https://github.com/kendomen/boxadmin/blob/master/app.js

     

    https://github.com/kendomen/boxadmin

     

    This is an example app that allows co-admins to run admin calls using jwt.

    C
    Forum|alt.badge.img

    Thank you for a great example. I will look through this more. Am I understanding it correctly that you have two apps authenticating to box? A JWT and an OAuth app? From the dev console, it looks like you have to choose one authentication scheme or another, but not both. If this is true, you have the user login with the Express Passport-Box module (via the OAuth app), which then passes the user id info back to the nodejs server which uses a second app (JWT) to connect to the admin side of things. Am I far off?

    C
    Forum|alt.badge.img

    You're right.  I have 2 box applications used by one webapp. 

     

    We created this app to allow normal users (oauth) to be able to perform admin actions (jwt) because we needed to scale out our support team. 

     

    One is used to authenticate the user using oauth.

    The other is used to perform actions that is beyond the authenticated user's scope. 

     

    An example of an action is "update email address". 

    To do that, there's these steps:

         1.  transfer content from the old user to the new user

         2.  delete the old user

         3.  add email alias

         4.  update the alias to be the primary email

         5.  remove email alias

     

    BOX_di01uzy0qj8i7dcdwwuchwi6or410qte.png

    C
    Forum|alt.badge.img

    Thanks for the great explanation and example.

    Terms of ServiceAccessibility statement