Specifying folder resource for base_upload in token exchange

Highlighted
New Contributor

Specifying folder resource for base_upload in token exchange

I'm trying to generate a downscoped token for the Content Uploader UI Element, per the documentation here. But I keep getting stuck when trying to specify a resource.

 

In the documentation, it says that the desired upload folder should be specified as the resource on the request:content_uploader_doc.png

But when I specify my resource using a URI like https://api.box.com/2.0/folders/FOLDER_ID, I consistently get an invalid resource error.

 

{ error: 'invalid_resource',
        error_description: 'The target resource is invalid.' } }

 

My full code looks like this:

 

const scopes = 'base_upload';
  const folder = process.env.FOLDER_ID;
  const resource = `https://api.box.com/2.0/folders/${folder}`
  const configJSON = JSON.parse(fs.readFileSync('./box-config.json'));
  const sdk = boxSDK.getPreconfiguredInstance(configJSON);
  const client = sdk.getAppAuthClient('enterprise');

  client.exchangeToken(scopes, folder).then((tokenInfo) => {
    // Do stuff
  }).catch((err) => {
    console.error(err);
  });

 

What am I doing wrong? Am I specifying the folder URI incorrectly?

 

FWIW, I've tried similar code that does not include a resource parameter on the exchangeToken call. That works in the sense that I get an access token back. But then, when I pass that token to the Content Uploader, it appears the token does not grant access to the folder (I get a 404 error in the browser console that the specified folder cannot be found). I assume that's because the token was not scoped to have access to that folder.

 

 

 

 

 

4 REPLIES 4
Highlighted
Box Employee

Re: Specifying folder resource for base_upload in token exchange

This usually means that the Folder ID that you have specified is not valid on your Box.com account. Are you sure that the folder ID that you are passing in is valid?

 

Perhaps add some debugging to your code to see what folder ID you are passing into the Token Exchange request?

Also, maybe login to your Box account and see if you can see that folder in the web app on box.com.

 

For example, you can view a folder on Box (after you have logged in) as:

 

https://cloud.app.box.com/folder/<FOLDER ID>

 

Perhaps you can try your folder ID with that URL and see if you can see a valid folder. If not, navigate to the folder you wish to use within the webapp and see what folderID is at the end of your URL. Make sure it matches up with what you expect in your code.

 

Highlighted
New Contributor

Re: Specifying folder resource for base_upload in token exchange

Thanks for the reply. It's definitely getting a valid folder URI. I confirmed the folder ID in the URI matches the ID at the end of the URL for the folder on the web app. I also tested using the Get Folder Info example in the API docs. The API had no problem getting the metadata for the folder after I'd signed in with my credentials. So the folder ID is correct.

 

I'm guessing that either I'm passing the folder URI to exchangeToken in the wrong format (it's getting the string "https://api.box.com/2.0/folders/FOLDER_ID" as the second parameter), or for some reason, the client in my code doesn't have access to the folder via the API.

Highlighted
New Contributor

Re: Specifying folder resource for base_upload in token exchange

Also, I have tried both the full URI for the folder ("https://api.box.com/2.0/folders/FOLDER_ID") and the raw folder ID (i.e., just the number) as the second parameter to client.exchangeToken. Neither has worked.

Highlighted
New Contributor

Re: Specifying folder resource for base_upload in token exchange

Did this ever get solved? I'm having the same issue. I've:

- Set up a folder in my main Box.com account

- Set up a group that has Edit access to the folder

- Added my App service user to the group

- Tried impersonating main users instead of using the service client

 

In all cases, I get an invalid_resource response when using JWT. If I use OAuth on the main account, then I'm able to get the token.