Welcome to the new Box Support website. Check out all the details here on what’s changed.

Box Status

JWT Oauth 2.0 using powershell

Answered
Follow
New post
TimOdell

I am not sure if this is possible so I am looking for some help.  I want to use the JWT token I received using the c# API in PowerShell scripts.

 

In this scenario I am successfully retrieving the AdminToken and saving it to a file with the following code:

 
BoxConfig config = null;
using (FileStream fs = new FileStream("BoxConfig.json", FileMode.Open))
{
    config = BoxConfig.CreateFromJsonFile(fs);
}

// Create JWT auth using config file
var boxJWT = new BoxJWTAuth(config);

// Create admin client
var adminToken = boxJWT.AdminToken();
var adminClient = boxJWT.AdminClient(adminToken);

System.IO.File.WriteAllText("Token.txt", adminToken);
 
I then have a PowerShell cmdlet function that returns a BoxUser using the token as follows:
Get-BoxUser -Token 't8fUfbcHHcUbY8hak1o7UMEioSu0cOdy' -BoxUserid ***number removed for privacy*** -Verbose
That cmdlet returns this error: 
User : System.Management.Automation.CmdletInvocationException: The remote server returned an error: (404) Not Found. ---> System.Net.WebException: The
server returned an error: (404) Not Found.
icrosoft.PowerShell.Commands.WebRequestPSCmdlet.GetResponse(WebRequest request)
icrosoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord()
End of inner exception stack trace ---
ystem.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
ystem.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
ystem.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
ystem.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
:1 char:1
oxUser -Token '0UJWdo7g27ej1YTWWQO3nDtfLyI2Ls2p' -BoxUserid ***number removed for privacy*** -Verb ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
ullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-BoxUser
when I replace the -Token parameter with one that I receive using the Token Refresh method the
code works fine and the BoxUser is returned.
 
So something is different between token created using the Refresh method vs the JWT token.
 
Is what I am attempting even possible?
 
 
0

Comments

1 comment

Date Votes
  • mwiller

     You're probably making the API call as two different users when you use the different tokens — when you get tokens through the JWT grant with the code you have in your original post, you're authenticated as the Service Account, a special user representing your application in the enterprise the app is authorized in.  This user may not have the permissions or access to view the users in your enterprise, depending on what you've enabled in the Developer Console for your application.  You can verify that this is the problem by making an API call to `GET /users/me` with each type of token to see which account you're authenticated as.  Assuming that's the case, could you try the following steps and let me know if that fixes your problem?

     

    1. In the Developer Console, ego to the Configuration page for your application and ensure that Application Access is set to Enterprise.  Also ensure that the Manage Users Application Scope is checked.
    2. Re-authorize your application for your enterprise — this is done in the Admin Console, and you may need to ask your enterprise administrator to do this for you if you're not the enterprise admin.
    3. Try your code again and verify that you can retrieve the user information you want using JWT auth.
    0
    Comment actions Permalink

Please sign in to leave a comment.