Server side authentication without user interaction

Highlighted
New Contributor

Server side authentication without user interaction

Hi, 

 

I'm looking for a way to do server side authentication without the need for user interaction (no browser).

If I understand correctly, I should use an app which uses the 'OAuth 2.0 with JWT' method of authentication.

I can't use the available SDKs.

I'm trying to wrap my head about the flow and what exactly should be done to authenticate.

I've got my client_id and client_secret.

How should I proceed from here? a short code sample in any development language (preferably in Java) would be appreciated. 

 

Thanks,

J

3 REPLIES 3
Highlighted
Box Employee

Re: Server side authentication without user interaction

Hi @j321,

 

You're correct, JWT will be the way to go. This guide will walk you through the JWT process (includes Java samples) without the use of one of the SDKs.

 

- Jon 

Highlighted
Box Employee

Re: Server side authentication without user interaction

Hey @j321 - I suspect you'll want to use what we refer to as "JWT Auth" in our documentation, which allows you to create an application that interacts with Box without involving an explicit user authorization step via browser.

 

Since you aren't using our SDKs, the process of authenticating is a bit tricky, but our documentation should get you through it - see this page (which has code examples): https://developer.box.com/guides/authentication/jwt/without-sdk/

 

I suggest you read the following before you get started:

https://developer.box.com/guides/authentication/jwt/

https://developer.box.com/guides/authentication/select/

 

Highlighted
New Contributor

Re: Server side authentication without user interaction

Hi @dandennhardt@jcleblanc 

 

Thanks for the references. I've went over them and I'm unsure if they can solve the issue I'm facing.

If I understand correctly, in order to use the authentication flow with JWT and without user interaction, I need to use a public/private key pair. This in turn requires 2FA which means that I must enter a valid phone number. This is problematic as a user that is going to authorize the app does not always have a phone number configured.

 

I'm trying to do server to server authentication. This should happen in the background without user involvement.

 

Is there a way to authenticate without user interaction and without a phone number? I'm looking for a flow similar to:

1. User creates an app that uses OAuth2.0 with JWT

2. User provides my service a set of creds: client ID and client secret (and possibly something else)

3. My service authenticates and gets a token to retrieve data from Box

4. If the token expires, my service refreshes/creates a new token to retrieve data

 

Thanks,

J