My application needs to access all Box user accounts in the Box enterprise. I'm trying to decide whether to use "Server Authentication (with JWT)" or "Server Authentication (Client Credentials Grant)". Using JWT requires an additional public/private key. Is this authentication option more secure? When should I use one versus the other?
Question
"Server Authentication (with JWT)" versus "Server Authentication (Client Credentials Grant)"
In hopes of getting attention from someone in Box's Support department, I wrote this today:
Apologies for the delay Steve, and thanks for the call out Mr. Smith.
It really depends on what your end goal is here. Both authentication options are secure, but JWT authentication is more suited for app users, or for users that don't have a Box account already. Utilizing the Client Credentials Grant or Client Side authentication, is ideal for users that already have Box accounts and is the most user friendly.
I recommend you take a look at our developer documentation that deals specifically with authentication. That documentation can be found here.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.