response difference on JWT OAuth and standard OAuth

New Contributor

I created a custom app and used standard OAuth to get the contents of the folder after manually logging in via the API. I didn't authorize or do anything extra apart from setting the redirect URL, and it works fine (all the files and folders I've created manually are visible).

But I didn't want the user to log in manually, so 

My first question is: can I log in via the standard OAuth API without explicitly logging in?

I didn't find any related info, so I created another custom app with JWT OAuth, generated a public-private key pair, gave it all the permissions and also authorized the custom app. Now when I hit the API I get the response, but it doesn't show any of the files and folders I had uploaded manually; it shows a different user id.

What is causing this issue? Any guidance will be appreciated.

Standard OAuth response

stdClass Object
(
    [type] => folder
    [id] => 0
    [sequence_id] => 
    [etag] => 
    [name] => All Files
    [created_at] => 
    [modified_at] => 
    [description] => 
    [size] => 19529911
    [path_collection] => stdClass Object
        (
            [total_count] => 0
            [entries] => Array
                (
                )

        )

    [created_by] => stdClass Object
        (
            [type] => user
            [id] => 
            [name] => 
            [login] => 
        )

    [modified_by] => stdClass Object
        (
            [type] => user
            [id] => xxx842
            [name] => bla bla
            [login] => ***email address removed for privacy***
        )

    [trashed_at] => 
    [purged_at] => 
    [content_created_at] => 
    [content_modified_at] => 
    [owned_by] => stdClass Object
        (
            [type] => user
            [id] => xxx842
            [name] => bla bla
            [login] => ***email address removed for privacy***
        )

    [shared_link] => 
    [folder_upload_email] => 
    [parent] => 
    [item_status] => active
    [item_collection] => stdClass Object
        (
            [total_count] => 3
            [entries] => Array
                (
                    [0] => stdClass Object
                        (
                            [type] => folder
                            [id] => xxx341
                            [sequence_id] => 1
                            [etag] => 1
                            [name] => snc_box_test_folder
                        )

                    [1] => stdClass Object
                        (
                            [type] => folder
                            [id] => xxx189
                            [sequence_id] => 1
                            [etag] => 1
                            [name] => snc_test
                        )

                    [2] => stdClass Object
                        (
                            [type] => file
                            [id] => xxx003
                            [file_version] => stdClass Object
                                (
                                    [type] => file_version
                                    [id] => xxx603
                                    [sha1] => 1207fdf3d9b794254f174bla7baa856c06151f25
                                )

                            [sequence_id] => 0
                            [etag] => 0
                            [sha1] => 1207fdf3d9b794254f174bla7baa856c06151f25
                            [name] => lion-sample.webm
                        )

                )

            [offset] => 0
            [limit] => 100
            [order] => Array
                (
                    [0] => stdClass Object
                        (
                            [by] => type
                            [direction] => ASC
                        )

                    [1] => stdClass Object
                        (
                            [by] => name
                            [direction] => ASC
                        )

                )

        )

)

JWT OAuth response

stdClass Object
(
    [type] => folder
    [id] => 0
    [sequence_id] => 
    [etag] => 
    [name] => All Files
    [created_at] => 
    [modified_at] => 
    [description] => 
    [size] => 0
    [path_collection] => stdClass Object
        (
            [total_count] => 0
            [entries] => Array
                (
                )

        )

    [created_by] => stdClass Object
        (
            [type] => user
            [id] => 
            [name] => 
            [login] => 
        )

    [modified_by] => stdClass Object
        (
            [type] => user
            [id] => xxx989 ------------------- different id here
            [name] => snc_box_test1
            [login] => ***email address removed for privacy***
        )

    [trashed_at] => 
    [purged_at] => 
    [content_created_at] => 
    [content_modified_at] => 
    [owned_by] => stdClass Object
        (
            [type] => user
            [id] => xxx989 ------------------- different user id
            [name] => snc_box_test1
            [login] => ***email address removed for privacy***
        )

    [shared_link] => 
    [folder_upload_email] => 
    [parent] => 
    [item_status] => active
    [item_collection] => stdClass Object
        (
            [total_count] => 0
            [entries] => Array
                (
                )

            [offset] => 0
            [limit] => 100
            [order] => Array
                (
                    [0] => stdClass Object
                        (
                            [by] => type
                            [direction] => ASC
                        )

                    [1] => stdClass Object
                        (
                            [by] => name
                            [direction] => ASC
                        )

                )

        )

)

I am using PHP and currently I'm testing on localhost.

4 REPLIES

Occasional Contributor

Re: response difference on JWT OAuth and standard OAuth

Hi @snc, when you use JWT you don't authenticate as you, the managed user. Instead you are authenticated as a service account, which obviously does not have access to your files and folders.

You can use the as-user header to access your own files and folders.

 

https://developer.box.com/guides/authentication/jwt/as-user/

New Contributor

Re: response difference on JWT OAuth and standard OAuth

@bettaio Thanks for the quick response.
I am using JWT without the SDK as there is no documentation for PHP in the other methods (Reference). I'm following the sample code provided on the GitHub page, where they do not mention performing any such action; that's probably why I didn't do so.
Nevertheless, after your suggestion I used 'as-user' in the header, but it gives the following error:

 

Message: Client error response [url] https://api.box.com/2.0/folders/0 [status code] 403 [reason phrase] Forbidden

Is there anything else I can do? Am I still missing something? Please respond _/\_

New Contributor

Re: response difference on JWT OAuth and standard OAuth

As @bettaio suggested, I was authorizing as an enterprise, but to view, download or upload files I must have access as a user. I achieved success by using 'box_sub_type' as 'user' instead of 'enterprise' and passing {user id} instead of {enterprise id}.

Change this ↓↓

$claims = [
    'iss'          => $config->boxAppSettings->clientID,
    'sub'          => $config->enterpriseID,
    'box_sub_type' => 'enterprise',
    'aud'          => $authenticationUrl,
    'jti'          => base64_encode(random_bytes(64)),
    'exp'          => time() + 45,
    'kid'          => $config->boxAppSettings->appAuth->publicKeyID
];

to this ↓↓

$userID = '123456';

$claims = [
    'iss'          => $config->boxAppSettings->clientID,
    'sub'          => $userID,
    'box_sub_type' => 'user',
    'aud'          => $authenticationUrl,
    'jti'          => base64_encode(random_bytes(64)),
    'exp'          => time() + 45,
    'kid'          => $config->boxAppSettings->appAuth->publicKeyID
];

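The two claim sets above differ only in who the assertion is for. As an added example (not code from the thread or from Box), the helper below builds and RS256-signs a Box JWT assertion for either subject type, using the field names of the Box app-settings JSON the thread's `$config` is loaded from; `$authenticationUrl`, the user id and the key material are assumptions, and `kid` is placed in the JOSE header rather than the claim set.

```php
<?php
// Added example: build and sign a Box JWT assertion for a service account
// (box_sub_type = enterprise) or a managed user (box_sub_type = user).
// $config mirrors the Box app-settings JSON: boxAppSettings.clientID,
// boxAppSettings.appAuth.{privateKey,passphrase,publicKeyID}, enterpriseID.

function base64url(string $bytes): string {
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Returns the claim set; $subId must be the enterprise id when $subType is
// 'enterprise' and the managed user's id when $subType is 'user'.
function boxClaims(object $config, string $subType, string $subId, string $aud): array {
    if (!in_array($subType, ['enterprise', 'user'], true)) {
        throw new InvalidArgumentException("box_sub_type must be 'enterprise' or 'user'");
    }
    return [
        'iss'          => $config->boxAppSettings->clientID,
        'sub'          => $subId,
        'box_sub_type' => $subType,
        'aud'          => $aud,
        'jti'          => base64url(random_bytes(32)), // unique per assertion
        'exp'          => time() + 45,                 // Box rejects exp > 60 s out
    ];
}

// Signs header.payload with the app's private key; kid tells Box which public key to use.
function signAssertion(object $config, array $claims): string {
    $header = ['alg' => 'RS256', 'typ' => 'JWT',
               'kid' => $config->boxAppSettings->appAuth->publicKeyID];
    $signingInput = base64url(json_encode($header)) . '.' . base64url(json_encode($claims));
    $key = openssl_pkey_get_private(
        $config->boxAppSettings->appAuth->privateKey,
        $config->boxAppSettings->appAuth->passphrase
    );
    if ($key === false) {
        throw new RuntimeException('could not load private key');
    }
    if (!openssl_sign($signingInput, $sig, $key, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return $signingInput . '.' . base64url($sig);
}

// Assumed usage: act as managed user 123456 instead of the service account.
$authenticationUrl = 'https://api.box.com/oauth2/token';
$config    = json_decode(file_get_contents('config.json'));
$assertion = signAssertion($config, boxClaims($config, 'user', '123456', $authenticationUrl));
// POST $assertion to $authenticationUrl with grant_type
// urn:ietf:params:oauth:grant-type:jwt-bearer plus client_id and client_secret.
```

The resulting access token is scoped to that user, so `GET /2.0/folders/0` returns their root folder; the alternative of keeping the enterprise token and sending an `As-User` header additionally requires the app's "Perform Actions as Users" setting to be enabled and the app reauthorized.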

Occasional Contributor

Re: response difference on JWT OAuth and standard OAuth

That works as well.