Reputation: 135
My Python script needs to push files to Box every night, unattended. I've been reading as much as I can find about how machine-to-machine user-level authentication with Box in Python works, but I can't find any examples of performing the actual authentication in a Python script.
I found out how to encode what Box requires as a JWT payload here: JWT Claims. But, how do I use this JWT once I have it?
There is a very suggestive paragraph in the Box documentation about getting a user access token (JWT Authentication):
Your service will authenticate to Box by sending a JSON Web Token to the /token endpoint containing a JSON payload that includes the Client ID, enterprise_id or user_id, and additional claims, and sign it using the private key of an RSA keypair. Box then verifies the identity of your application using the public key specific to your application.
The problem is, I can't find any reference that tells me how to use the JWT once I have it. I'm pretty sure I make some call to https://api.box.com/oauth2/token, but how do I sign it with the private key, and what is the exact way of sending it in Python? E.g. do I use pycurl, or something else?
Once I have an access token I am able to authenticate using OAuth2, so that part is all right. There's just that piece in the middle I'm missing.
Please note I need to get a user token, not an enterprise-level token, so JWTAuth doesn't work for me.
Upvotes: 1
Views: 692
Reputation: 135
You can do user-based authentication with JWTAuth. Instead of calling authenticate_instance, you use authenticate_app_user. Here is a code snippet:
```python
from boxsdk import JWTAuth, Client

auth = JWTAuth(
    client_id='CLIENT ID HERE',
    client_secret='CLIENT SECRET HERE',
    enterprise_id='USER_ID HERE',
    jwt_key_id='JWT KEY HERE',
    rsa_private_key_file_sys_path='PATH/TO/FILE',
    rsa_private_key_passphrase=b'PASSPHRASE HERE'
)

# authenticate_app_user reads the user's object_id, so pass a minimal
# stand-in object that carries only that attribute.
access_token = auth.authenticate_app_user(type('', (object,), {"object_id": "USER_ID HERE"})())
client = Client(auth)
# ... etc
```
However, you still need to get your app authorized by a Box admin for your enterprise.
Upvotes: 1
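The question's missing middle step (signing the JWT with the RSA private key and posting it to https://api.box.com/oauth2/token) can also be done without the SDK. The following is an added example, not code from either post or from Box; it uses the `cryptography` package, the claim names and grant type follow Box's JWT documentation rather than anything shown on this page, and `CLIENT_ID`, `KEY_ID`, `USER_ID` and `CLIENT_SECRET` are placeholders.

```python
import base64, json, secrets, time
import urllib.parse, urllib.request
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

TOKEN_URL = "https://api.box.com/oauth2/token"

def b64url(raw: bytes) -> str:
    # JWS uses URL-safe base64 with the '=' padding stripped.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def build_assertion(private_key, client_id, key_id, user_id, now=None):
    """Return a compact RS256 JWT asserting user_id on behalf of the app."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "JWT", "kid": key_id}
    claims = {
        "iss": client_id,              # the app's Client ID
        "sub": user_id,                # user token, not enterprise token
        "box_sub_type": "user",
        "aud": TOKEN_URL,
        "jti": secrets.token_hex(32),  # unique per assertion, limits replay
        "exp": now + 45,               # short-lived on purpose
    }
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    # RS256 = RSASSA-PKCS1-v1_5 with SHA-256 over "<header>.<claims>".
    signature = private_key.sign(
        signing_input.encode("ascii"), padding.PKCS1v15(), hashes.SHA256()
    )
    return signing_input + "." + b64url(signature)

def build_token_request(assertion, client_id, client_secret):
    """Build (but do not send) the form-encoded POST that trades the JWT for a token."""
    form = urllib.parse.urlencode({
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "assertion": assertion,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(TOKEN_URL, data=form, method="POST")

if __name__ == "__main__":
    # Constructed throwaway key so the demo runs offline; a real job loads its own key.
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    req = build_token_request(
        build_assertion(key, "CLIENT_ID", "KEY_ID", "USER_ID"), "CLIENT_ID", "CLIENT_SECRET")
    print(req.full_url, req.get_method(), len(req.data), "bytes of form data")
```

Passing the request to `urllib.request.urlopen` sends it. For the nightly job, load the app's key with `cryptography`'s `load_pem_private_key` from a file readable only by the service account, and keep the client secret and passphrase out of the script itself.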