Posibility to authenticate user via standard oauth via post in C#

Highlighted
Occasional Contributor

Posibility to authenticate user via standard oauth via post in C#

Hello community,

i have already working application in C# where i can authenticate with my own IBM creds for my personal box and grant access to my box to application, everything works as i expected. But my question is, it's possible to speed up authentication via POST auth method? For example, where i send my login, email and password (encrypted i think) in post arguments and i get code which i exchange for access token, like in standard oauth 2.0? With this i can skip webbrowser login windows and directly login to box account. Why i need to do this is automation purposes for blueprism, where i can access personal box folder without needed to enter my creds and click to grant access to my box folder to application. One way is JWT, which works but JWT can see only service account files and folders, that means nothing from our entire Team BOX files and folders.

 

Thank you

7 REPLIES 7
Highlighted
Box Employee

Re: Posibility to authenticate user via standard oauth via post in C#

Hi @BAILANDO,

 

With standard OAuth 2 you will not be able to bypass the user login step. You're on the right track though, JWT will be the right method for you to use for that task.

 

While it's true that when you first authenticate as the JWT application you will be able to access the service account files / folders, you can perform actions as other users in the enterprise or scope the access token to a specific user (like the OAuth 2 method) to access user files instead of the service account. There are two ways to do it:

  1. Scope the access token for the user
  2. Perform actions on behalf of a user

I'd recommend #1 personally, since having an access token scopes for the user will allow you to downscope the token if you want to reduce the access permissions for security reasons.

 

Hope that helps,

Jon

Highlighted
Occasional Contributor

Re: Posibility to authenticate user via standard oauth via post in C#

Hi,

thank you for your answer.

 

I tried to create simple code only for authentication but im getting exception for null reference in this code, on line with token (sdk.UserToken). I found my id on account settings. What im doing wrong?

 

private void BoxAuthenticate()
{
var reader = new StreamReader("320657095_jsndysht_config.json");
var json = reader.ReadToEnd();
var config = BoxConfig.CreateFromJsonString(json);

var userId = "123xxxxxxxx";
var sdk = new Box.V2.JWTAuth.BoxJWTAuth(config);
var token = sdk.UserToken(userId);
client = sdk.UserClient(token, userId);
}

 

Highlighted
Occasional Contributor

Re: Posibility to authenticate user via standard oauth via post in C#

Now i tried to create app user with API and getting error about JSON deserialize exception

 

private async void CreateAppUser()
{
var userParams = new BoxUserRequest()
{
Name = "App User 1",
IsPlatformAccessOnly = true
};
BoxUser newUser = await client.UsersManager.CreateEnterpriseUserAsync(userParams);
Console.WriteLine(newUser.Name);
Console.WriteLine(newUser.Role);
}
Highlighted
Box Employee

Re: Posibility to authenticate user via standard oauth via post in C#

Hi @BAILANDO,

 

Off hand your code seems perfectly fine. Can you post out the full error stack trace and which lines the error is being produced on? I have a recent code sample where I was creating app users with an Okta integration if you want to take a look (bottom of the sample). It's pretty well the same as what you have there though.

 

With the additional information we can dig in further into the error. 

Highlighted
Occasional Contributor

Re: Posibility to authenticate user via standard oauth via post in C#

Hello,

im sending screens of my code .

JSON error appear when i tried to create app user into app, because app showing 0 app user (doing it with JWT admin token, it auth succesfully as service account, but cant create app user) and second is when i tried to login as user token, but here can be problem because i use user id for my account, not for app user because app user is not created yet. Application is configured for Application access, not enterprise, because we can't use enterprise access in our enviroment. UserId is edited while debugging, but exception is same with my id either.rider64_1Z457FkWRY.pngrider64_grdReaLFfG.pngrider64_ZJ2FsbcH37.png

Highlighted
Occasional Contributor

Re: Posibility to authenticate user via standard oauth via post in C#

Hello,

any news please?

 

I tried again to create JWT via user token access but still getting error.

Occasional Contributor

Re: Posibility to authenticate user via standard oauth via post in C#

Problem solved.

For creating app user i just needed to switch application scope to enterprise scope, create app user, get login and id for new app user and then i can switch back to application scope and fetch data from box for folders and files where this app user is invited in sharing.

 

Thank you for your help.

 

Adam.