JWT OAuth 2.0 using PowerShell
I am not sure if this is possible so I am looking for some help. I want to use the JWT token I received using the C# API in PowerShell scripts.
In this scenario I am successfully retrieving the AdminToken and saving it to a file with the following code:
```csharp
using System.IO;
using Box.V2.Config;
using Box.V2.JWTAuth;

BoxConfig config = null;
using (FileStream fs = new FileStream("BoxConfig.json", FileMode.Open))
{
    config = BoxConfig.CreateFromJsonFile(fs);
}

// Create JWT auth using config file
var boxJWT = new BoxJWTAuth(config);

// Create admin client
var adminToken = boxJWT.AdminToken();
var adminClient = boxJWT.AdminClient(adminToken);

// Write the access token to Token.txt in plaintext
System.IO.File.WriteAllText("Token.txt", adminToken);
```
```powershell
Get-BoxUser -Token 't8fUfbcHHcUbY8hak1o7UMEioSu0cOdy' -BoxUserid ***number removed for privacy*** -Verbose
```

That cmdlet returns this error:

```
Get-BoxUser : System.Management.Automation.CmdletInvocationException: The remote server returned an error: (404) Not Found. ---> System.Net.WebException: The server returned an error: (404) Not Found.
   at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.GetResponse(WebRequest request)
   at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
   at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
At line:1 char:1
+ Get-BoxUser -Token '0UJWdo7g27ej1YTWWQO3nDtfLyI2Ls2p' -BoxUserid ***number removed for privacy*** -Verb ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-BoxUser
```

When I replace the -Token parameter with one that I receive using the Token Refresh method the
-
You're probably making the API call as two different users when you use the different tokens — when you get tokens through the JWT grant with the code you have in your original post, you're authenticated as the Service Account, a special user representing your application in the enterprise the app is authorized in. This user may not have the permissions or access to view the users in your enterprise, depending on what you've enabled in the Developer Console for your application. You can verify that this is the problem by making an API call to `GET /users/me` with each type of token to see which account you're authenticated as. Assuming that's the case, could you try the following steps and let me know if that fixes your problem?
- In the Developer Console, go to the Configuration page for your application and ensure that Application Access is set to Enterprise. Also ensure that the Manage Users Application Scope is checked.
- Re-authorize your application for your enterprise — this is done in the Admin Console, and you may need to ask your enterprise administrator to do this for you if you're not the enterprise admin.
- Try your code again and verify that you can retrieve the user information you want using JWT auth.
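
The `GET /users/me` check suggested in the answer, as an added PowerShell example that is not part of the original thread. `Token.txt` is the file written by the C# code in the question; `RefreshToken.txt` and the function name `Get-BoxTokenIdentity` are hypothetical names chosen for this example.

```powershell
# Added example: resolve which Box account each access token authenticates as.
# Assumption: Token.txt holds the JWT-grant token; RefreshToken.txt (hypothetical)
# holds the token obtained through the token refresh flow.
function Get-BoxTokenIdentity {
    param(
        [Parameter(Mandatory)] [string] $Label,
        [Parameter(Mandatory)] [string] $TokenPath
    )
    try {
        # Read the token from disk so it does not end up in command history
        # or in pasted -Verbose output.
        $token = (Get-Content -Path $TokenPath -Raw -ErrorAction Stop).Trim()
        $me = Invoke-RestMethod -Method Get -Uri 'https://api.box.com/2.0/users/me' `
                -Headers @{ Authorization = "Bearer $token" }
        [pscustomobject]@{
            Label = $Label; Status = 'OK'; Id = $me.id; Name = $me.name; Login = $me.login
        }
    }
    catch {
        # A 401 here points at an expired or invalid token, which is a different
        # problem from the 404 shown in the question.
        $code = $null
        if ($_.Exception.Response) { $code = [int]$_.Exception.Response.StatusCode }
        $status = if ($code) { "HTTP $code" } else { $_.Exception.Message }
        [pscustomobject]@{
            Label = $Label; Status = $status; Id = $null; Name = $null; Login = $null
        }
    }
}

$results = @(
    Get-BoxTokenIdentity -Label 'JWT grant'     -TokenPath '.\Token.txt'
    Get-BoxTokenIdentity -Label 'Token refresh' -TokenPath '.\RefreshToken.txt'
)
$results | Format-Table -AutoSize

# Different ids mean the two tokens act as different Box users, so the 404 is
# about what the JWT (Service Account) identity is allowed to see.
$ids = @($results | Where-Object Status -eq 'OK' | Select-Object -ExpandProperty Id -Unique)
if ($ids.Count -gt 1) {
    Write-Warning 'The two tokens authenticate as different Box users.'
}
```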