Insufficient scope for file upload in Python, using JWT

Hi, 

Are you using our Python SDK? What scopes does the app you created have? And How are you generating the token? 

Alex, Box Developer Advocate

Hi Alex, yes the Python SDK.  Using the JWT token with the dev box created public/private key json rider file that I'm reading in the script.

import boxsdk
from boxsdk import Client, OAuth2, JWTAuth
config = JWTAuth.from_settings_file('<file location>')
client=Client(config)

I have the scope to read and write all files stored in box, it has enterprise manage users/groups/properties (it's configured as an App + Enterprise Access) although I don't need to do anything with users, just uploading files from a local folder to a specific box folder on a regular basis.

It's connecting fine, and I can find the folder via the script which was created by me in my enterprise, and I've given the service account multiple different permission levels, including co-owner (although uploader should be sufficient for what I need to do!) without success.

I don't think you need to import OAuth2.... Refer to the instructions here

Here's an example of uploading a file too!

I'll try not loading it and see if it makes any difference, but I am able to load the files into the same exact folder using the developer token 

boxFile = client.folder(destboxFoldID).upload(newLeasePath,newLeaseFileName)  is what I'm using, after getting the variables loaded

Yeah, even without loading OAuth2 it still says the same error:

[31m"OPTIONS https://api.box.com/2.0/files/content" 403 0
{'Date': 'Wed, 16 Feb 2022 17:13:20 GMT', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'x-envoy-upstream-service-time': '145', 'www-authenticate': 'Bearer realm="Service", error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."', 'box-request-id': '11d1a55ebb8f28241e0e7eb0025227341', 'strict-transport-security': 'max-age=31536000'}
b''
[0m

I can get the Box folder info ok with the token, here is my latest test script (had to double check there wasn't private info)

import boxsdk
from boxsdk import Client, JWTAuth
from boxsdk.exception import BoxAPIException
config = JWTAuth.from_settings_file('C:\\YardiPython\\79150963_5qcdz3aj_config.json')
client=Client(config)
root_folder=client.folder('154957528460')
print(root_folder.get())
cur_user=client.user().get()
print(cur_user)
boxItems = client.folder(folder_id='0').get_items()
for boxItem in boxItems:
    boxFoldName = boxItem.name
    boxFoldId = boxItem.id
    print(boxFoldName,boxFoldId)
    if boxFoldName == 'BLVD Leases':
        destboxFoldID = boxFoldId
print(destboxFoldID)
try:
    box_file = client.folder(destboxFoldID).upload('C:\\YardiFileExtract\\Attachment_name.pdf', preflight_check=True)
except BoxAPIException:
    pass

Did you happen to make any changes to the application permissions? And if so, did you reauthorize the application in the admin console after? I will review the code you sent in. 

I didn't make any changes to the rights before getting it authorized

So I tested your code, and it worked for me.... It looks like the settings for App + Enterprise Access didn't get approved by the admin based on what I'm seeing on the backend. Can you have the admin reauthorize it? 

Thanks, I've reached out!

Alex, it's working now, thanks!

Whew! I was getting worried that something was seriously broken. :) Glad it's working.