Question

Need some Clarification on JWT Authentication of Box

  • May 27, 2025


Hello team,

I am using BoxSDK for Python. There I am using JWT authentication. I have created an app on a Developer account for testing which uses OAuth 2.0 with JSON Web Tokens (Server Authentication) as its authentication.

After creating this TestApp in the developer account I am using it in some APIs to do some basic operations in Box. I also got a Service Account ID related to my test app.

All good till here. 

But I am facing an issue: when I upload a folder to my Box account through the browser and then try accessing that folder's contents via the Box API, it's not accessible.

The same is accessible when I am adding the service account ID as a collaborator in that folder.

So I want to know if there is any option with which I don't need to do the above part, i.e. adding the service account ID as a collaborator in every folder that I want to access through the API. Please suggest.

Is this behavior only for a test account? If I take the Enterprise edition of Box, will this issue be solved?

I need whatever folder I upload to Box through the website to be accessible via the API where I am using JWT authentication.

Many thanks for your help.

3 replies

  • May 27, 2025

Hi Deepak,

A service account can impersonate a user, and from your description I think it can solve your use case.

Take a look at the usage of as-user in the Python SDK here.

For more information see:

Let us know if this helped.

Cheers


  • May 27, 2025

Hello Rui,

Many thanks for the inputs. Using the as-user param worked for me, actually.

But I still have one issue. If I call the Box API directly, it's working. But if I call it from code using the SDK, it's not working. Just refer to the code below. Case 1 is returning data, but the code in case 2 is not returning data. Not sure why. Your help on this will be really appreciated.

1:-

import requests
from boxsdk import JWTAuth

auth = JWTAuth.from_settings_file('/Users/deepakkumar/Desktop/aims_admin/aims_admin/config.json')
# authenticate_instance() returns the service account's access token
access_token = auth.authenticate_instance()
url = "https://api.box.com/2.0/folders/191086611195/items"
payload = {}
headers = {
    'Authorization': 'Bearer ' + access_token,
    'as-user': '23183548938'
}
response = requests.request("GET", url, headers=headers, data=payload)

2:-

from boxsdk import JWTAuth, Client

auth = JWTAuth.from_settings_file('/Users/deepakkumar/Desktop/aims_admin/aims_admin/config.json')
access_token = auth.authenticate_instance()
client = Client(auth)
user_to_impersonate = client.user(user_id='23183548938')
user_client = client.as_user(user_to_impersonate)
items = user_client.folder(folder_id='191086611195').get_items()

Regards

Deepak Kumar


  • May 27, 2025

Hi Deepak,

I think you're just missing the last step.

The .get_items() returns an object but doesn't actually get each item:

I've slightly tweaked your example:

from boxsdk import JWTAuth, Client

def main():
    auth = JWTAuth.from_settings_file('./.jwt.config.json')
    auth.authenticate_instance()
    client = Client(auth)

    me = client.user().get()
    print(f"Service account user: {me.id}:{me.name}")

    user_id_to_impersonate = '18622116055'
    folder_of_user_to_impersonate = '191176042455'

    user_to_impersonate = client.user(user_id=user_id_to_impersonate).get()
    # the .get() is just to be able to print the impersonated user
    print(f"User to impersonate: {user_to_impersonate.id}:{user_to_impersonate.name}")

    user_client = client.as_user(user_to_impersonate)
    items = user_client.folder(folder_id=folder_of_user_to_impersonate).get_items()

    print(f"Items in folder:{items}")

    # we need a loop to actually get the items info
    for item in items:
        print(f"Item: {item.type}\t{item.id}\t{item.name}")

if __name__ == '__main__':
    main()

With the following results:

Service account user: 20344589936:UI-Elements-Sample
User to impersonate: 18622116055:Rui Barbosa
Items in folder:<boxsdk.pagination.limit_offset_based_object_collection.LimitOffsetBasedObjectCollection object at 0x103db7e20>
Item: folder    191177421988    files_to_upload
Item: file      1119062117269   file_a.txt

Cheers
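
The lazy behaviour described in the last reply, as an added example that is not part of the original thread or of the Box SDK: a generator models offset-based paging over the folder items endpoint with the `as-user` header, and sends no request until it is iterated. `fetch_page`, `fake_fetch`, the token and the third sample entry are constructed for illustration, and the response fields `total_count`, `entries`, `offset` and `limit` are assumed to match the endpoint's offset-based paging response.

```python
# Added example: models the lazy, offset-paged listing behind get_items().
# fetch_page is a hypothetical stand-in for an HTTP GET; no network is used.
from typing import Callable, Dict, Iterator, List

API_ITEMS = "https://api.box.com/2.0/folders/{folder_id}/items"

def iter_folder_items(fetch_page: Callable[[str, Dict[str, str], Dict[str, int]], dict],
                      token: str, folder_id: str, as_user: str,
                      limit: int = 2) -> Iterator[dict]:
    """Yield folder entries one by one; nothing is requested until iteration starts."""
    url = API_ITEMS.format(folder_id=folder_id)
    # Same two headers as case 1 in the thread: bearer token plus the user to act as.
    headers = {"Authorization": "Bearer " + token, "as-user": as_user}
    offset = 0
    while True:
        page = fetch_page(url, headers, {"limit": limit, "offset": offset})
        entries = page.get("entries", [])
        yield from entries
        offset += len(entries)
        # Stop on an empty page or once total_count entries have been seen.
        if not entries or offset >= page.get("total_count", 0):
            return

# Constructed sample data; the first two entries reuse the output shown in the thread.
SAMPLE = [
    {"type": "folder", "id": "191177421988", "name": "files_to_upload"},
    {"type": "file", "id": "1119062117269", "name": "file_a.txt"},
    {"type": "file", "id": "1000000000001", "name": "constructed_extra.txt"},
]
CALLS: List[dict] = []

def fake_fetch(url, headers, params):
    """Constructed fake of the items endpoint; records every request it receives."""
    CALLS.append({"url": url, "headers": dict(headers), "params": dict(params)})
    start = params["offset"]
    return {"total_count": len(SAMPLE), "offset": start, "limit": params["limit"],
            "entries": SAMPLE[start:start + params["limit"]]}

def demo() -> List[str]:
    CALLS.clear()
    items = iter_folder_items(fake_fetch, "constructed-token", "191176042455", "18622116055")
    assert CALLS == []  # creating the iterator sent no request
    return [f"{i['type']}\t{i['id']}\t{i['name']}" for i in items]

if __name__ == "__main__":
    print("\n".join(demo()))
```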