Here's what I'm trying to do:

I wrote a python desktop app and one of the things it does is check for a file locally and if it doesn't find it then it reaches out to my shared box folder and downloads it. Each user will be running their own copy of the app.

Here's the kicker though:

1 - I don't want the user to know what's going on behind the scenes...just that it's fetching the file(s). So I can't use Oauth2 because that requires user interaction.

2 - I want to be able to add/remove users as needed. When they're removed they no longer have access to the share. I'm thinking this involves sending each user some kind of code that they can input in my app that is unique to them.

There are so many options in Box and I'm fairly new to all this authentication mumbo-jumbo so I'm not really sure how to go about setting it all up.

I can authenticate to my own account using JWT but I can't see how to set it up for each user. 

I figured it'd be pretty straightforward

- invite new user to top level share

- generate code for new user

- send code to user and tell them to enter it in the app

- profit.

I appreciate any help you are able to provide.

Thanks,

Chad