Create a Box application with JWT auth
Anusha Ranganathan edited this page Aug 22, 2018 · 8 revisions
https://developer.box.com/docs/setting-up-a-jwt-app
- Log in as the archivematica user using the University of Hull Box account
- Click on Dev Console in the left-hand menu and go to the Box developer console (link)
- Click on the Create New App option.
- On the next page, click on the type of application you'd like to build (Custom App) and click the Next button.
- On the authentication method page that comes up, click on the option for OAuth 2.0 with JWT and click the Next button.
- Give your application a unique name (AutoArchiver), click the Create App button, then click the View Your App button on the next page.
- Your newly created JWT application (app link) will be presented on the Configuration page, allowing you to further configure it. To do so, adjust these settings:
  - Access:
    - Application Access
  - Scopes:
    - Read all files and folders stored in Box
    - Read and write all files and folders stored in Box
    - Manage users
    - Manage groups
    - Manage webhooks
  - Advanced Features
    - Perform actions as users: allows your application to make API requests on behalf of a user, instead of the app itself.
    - Generate user access tokens: allows you to access APIs without the user having to log in with their credentials.
  - Generate a Public / Private Keypair
    - Click on the button to generate a public / private key pair
    - Save the Box config.json file (611889_t7g8sady_config.json)
- Request the system administrators to grant access to the app (this step needs to be done every time the scope of the app is modified)
To test the app using the developer token (valid for 60 mins):

```
curl https://api.box.com/2.0/folders/0 -H "Authorization: Bearer 3kkB4NijFP3Wkzl5SK1ZuwNk2gnWz2v0"
```
https://developer.box.com/docs/authenticate-with-jwt
- Save the private key from the json config file in a separate file, so it's easy to read.
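Parse the JSON config file from the command line:

```ruby
require 'json'

# Read the Box app config downloaded from the developer console
json_config = File.read('config/611889_907insbl_config.json')
box_config = JSON.parse(json_config)

# Write the private key to its own PEM file; a newly created file gets mode 0600
File.open('AutoArchiver.pem', 'w', 0o600) do |f|
  f.write(box_config['boxAppSettings']['appAuth']['privateKey'])
end
```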
- Install the SDK
Add the following to your Gemfile:

```ruby
gem 'boxr'
```

Then execute the following from a terminal / command prompt:

```
$ bundle install
```
- Test the app authenticates from the rails console
Test generating tokens for the enterprise and user accounts using the values from the saved config file:

```
bundle exec rails console
```

```ruby
require 'boxr'

tokens = Boxr::get_enterprise_token(
  enterprise_id: ENTERPRISE_ID,
  private_key: File.read(JWT_SECRET_KEY_PATH),
  private_key_password: JWT_SECRET_KEY_PASSWORD,
  public_key_id: PUBLIC_KEY_ID,
  client_id: CLIENT_ID,
  client_secret: CLIENT_SECRET
)
# Boxr::BoxrError: 400: {"error":"unauthorized_client","error_description":"This app is not authorized by the enterprise admin"}

tokens = Boxr::get_user_token(
  USER_ID,
  private_key: File.read(JWT_SECRET_KEY_PATH),
  private_key_password: JWT_SECRET_KEY_PASSWORD,
  public_key_id: PUBLIC_KEY_ID,
  client_id: CLIENT_ID,
  client_secret: CLIENT_SECRET
)
# Boxr::BoxrError: 400: {"error":"unauthorized_client","error_description":"This app is not authorized by the enterprise admin"}
```
Reference for Boxr Client:
- https://github.com/cburnette/boxr/blob/master/lib/boxr/
- https://github.com/cburnette/boxr/blob/master/lib/boxr/folders.rb
- https://github.com/cburnette/boxr/blob/master/lib/boxr/files.rb
- https://github.com/cburnette/boxr/blob/master/lib/boxr/collaborations.rb
- https://github.com/cburnette/boxr/blob/master/lib/boxr/users.rb
https://developer.box.com/docs/construct-jwt-claim-manually
- Construct the JWT assertion using boxr and the values from the config file
```ruby
require 'boxr'
require 'openssl'

# Load the passphrase-protected private key saved from the config file
private_key = OpenSSL::PKey::RSA.new(File.read(JWT_SECRET_KEY_PATH), JWT_SECRET_KEY_PASSWORD)
assertion = Boxr::jwt_assertion(private_key, CLIENT_ID, USER_ID, 'user', PUBLIC_KEY_ID)
puts assertion
```
- Submit an HTTP POST to generate the JWT token

Request:

```
Endpoint: https://api.box.com/oauth2/token
HEADERS
  Content-Type: application/x-www-form-urlencoded
BODY (x-www-form-urlencoded)
  grant_type: urn:ietf:params:oauth:grant-type:jwt-bearer
  client_id: CLIENT_ID
  client_secret: CLIENT_SECRET
  assertion: assertion
```

Response:

```
400 Bad Request
{
  "error": "unauthorized_client",
  "error_description": "This app is not authorized by the enterprise admin"
}
```
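To see what the assertion submitted above contains, the following added example (not code from this wiki or from boxr) builds one with only the Ruby standard library and verifies it locally before anything is sent to Box. The helper names `box_jwt_assertion` and `inspect_assertion` are hypothetical, the RSA key is a throwaway generated in-process, and the claim set follows Box's documented JWT claims.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

BOX_TOKEN_URL = 'https://api.box.com/oauth2/token'

# base64url without padding, as JWT requires (stdlib pack, no extra gems)
def b64url(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  (str.tr('-_', '+/') + '=' * ((4 - str.length % 4) % 4)).unpack1('m0')
end

# Hypothetical helper: build the RS256-signed assertion for a Box subject.
def box_jwt_assertion(private_key, client_id, subject_id, subject_type, public_key_id, now: Time.now)
  raise ArgumentError, 'subject_type must be user or enterprise' unless %w[user enterprise].include?(subject_type)

  header = { alg: 'RS256', typ: 'JWT', kid: public_key_id }
  claims = {
    iss: client_id,              # the app's client ID
    sub: subject_id.to_s,        # user ID or enterprise ID
    box_sub_type: subject_type,
    aud: BOX_TOKEN_URL,
    jti: SecureRandom.hex(32),   # unique per assertion; lets the server reject replays
    exp: now.to_i + 30           # short-lived; Box documents a 60-second maximum
  }
  signing_input = "#{b64url(header.to_json)}.#{b64url(claims.to_json)}"
  signature = private_key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Hypothetical helper: verify the signature locally and return [header, claims].
def inspect_assertion(assertion, public_key)
  head, body, sig = assertion.split('.')
  valid = public_key.verify(OpenSSL::Digest.new('SHA256'), b64url_decode(sig), "#{head}.#{body}")
  raise 'signature does not verify' unless valid

  [JSON.parse(b64url_decode(head)), JSON.parse(b64url_decode(body))]
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key, not a Box key
  assertion = box_jwt_assertion(key, 'CLIENT_ID', 'USER_ID', 'user', 'PUBLIC_KEY_ID')
  header, claims = inspect_assertion(assertion, key.public_key)
  puts JSON.pretty_generate(header: header, claims: claims)
end
```

Checking the decoded `kid`, `iss`, `sub` and `box_sub_type` against the saved config file rules out a malformed assertion, which leaves the `unauthorized_client` response pointing at the pending admin authorization.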
https://developer.box.com/docs/work-with-files