JWT Authentication used to access API for admins and co-admins

SOLVED
New Contributor

The problem we're trying to solve:

We are currently trying to use standard OAuth 2.0 (user authentication) to collect, from an entire enterprise, the files/folders/metadata of any selected user in the account. But the problem we're running into is that when we create a co-admin and then use that account to authenticate with, they do not have access to other co-admins or even the admin.

Is there a better way to authenticate that would allow us to collect from everyone, including the admin and co-admins? Currently we are using the As-User header to perform requests as users, but this header does not appear to work on admin-like accounts. We always get a 403, with an "access_denied_insufficient_permissions" error.

From looking around, it seems like https://developer.box.com/guides/authentication/jwt/user-access-tokens/ might be a viable option, but would this allow us to create access tokens for the admin/co-admins? This would be quite a big change for us to move to this type of authentication, so I want to make sure before we start to move to it.

Thank you!

Occasional Contributor

Re: JWT Authentication used to access api for admins and co-admins

Hi @marcus292,

Co-admins will not be able to 'as-user' as the primary admin or any co-admin as far as I know. This is for security purposes. JWT applications will have a service account that is similar to an admin account and can utilize the as-user header for co-admins and/or generate user access tokens.

Box Employee

Re: JWT Authentication used to access api for admins and co-admins

I can confirm that this should work.


---
Developer Advocate @ Box
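
An added example, not part of the original thread or Box's own code: the Python below builds the JWT assertion discussed in the replies, where `box_sub_type` selects between the service account (`enterprise`) and a token for one user ID (`user`). The client ID, key ID, user ID and secret are placeholders, the RSA key is a throwaway generated for the demo, and signing assumes the third-party `cryptography` package.

```python
import base64, json, secrets, time
from urllib.parse import urlencode

TOKEN_URL = "https://api.box.com/oauth2/token"
GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def box_claims(client_id, subject_id, sub_type, now=None):
    """Claims for a Box JWT assertion. sub_type 'enterprise' yields the
    service account token, 'user' a token for one specific user ID."""
    if sub_type not in ("enterprise", "user"):
        raise ValueError("box_sub_type must be 'enterprise' or 'user'")
    now = int(time.time()) if now is None else now
    return {
        "iss": client_id,
        "sub": str(subject_id),
        "box_sub_type": sub_type,
        "aud": TOKEN_URL,
        "jti": secrets.token_hex(32),  # unique per assertion, blocks replay
        "exp": now + 45,               # Box rejects exp more than 60 s ahead
    }

def sign_rs256(claims, private_key, key_id):
    """Compact RS256 JWT; needs the third-party 'cryptography' package."""
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.asymmetric import padding
    header = {"alg": "RS256", "typ": "JWT", "kid": key_id}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = private_key.sign(signing_input.encode(), padding.PKCS1v15(), hashes.SHA256())
    return signing_input + "." + b64url(sig)

def token_request_body(assertion, client_id, client_secret):
    """Form body to POST to TOKEN_URL in exchange for an access token."""
    return urlencode({"grant_type": GRANT, "assertion": assertion,
                      "client_id": client_id, "client_secret": client_secret})

if __name__ == "__main__":
    from cryptography.hazmat.primitives.asymmetric import rsa
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)  # throwaway
    claims = box_claims("CLIENT_ID_PLACEHOLDER", "1234567", "user")       # constructed IDs
    jwt = sign_rs256(claims, key, "KEY_ID_PLACEHOLDER")
    print(token_request_body(jwt, "CLIENT_ID_PLACEHOLDER", "SECRET_PLACEHOLDER")[:120])
```

Box only accepts a `user` assertion when the app has been authorized by an enterprise admin and has user access token generation enabled. The private key and client secret can then act as any managed user, so store them like admin credentials.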