Box Authentication Types

Breakout session given at BoxWorks 2017.

jcleblanc

Presentation Transcript


  1. Picking an Auth Method

  2. Long-lived access token (30 days, 60 days, no expiry). Restricted to upload and preview API functionality.

  3. Users with existing Box accounts. Use when you don’t want to manage the user content in the app. Contains an interstitial permission screen.

  4. Users with or without existing Box accounts. Use when there is an existing identity infrastructure. Use when the app should manage content for app users.

  5. Built for ease of development. Bypasses JWT or OAuth 2 authentication. Tokens need to be manually refreshed after 1 hour.

  6. Application Access

  7. Concern Areas: Type of Users, Types of Content, Default Scopes.
     • Type of Users: Will you be working with users within an entire enterprise, or just the app?
     • Types of Content: Do you need to access and manage data within the enterprise?
     • Default Scopes: Read / Write (A,E), Manage Users (A,E), Manage Groups (A,E), Manage Enterprise Properties (E).

  8. Application Scopes

  9. Advanced Application Features (JWT)

  10. Purpose: Perform actions on behalf of another user. Capabilities:
      • Needed for full SDK functionality for user actions (As-User header).
      • Allows you to properly manage users, their content, and actions.

  11. Purpose: For JWT applications, create individual OAuth 2 tokens for users. Capabilities:
      • Needed for full SDK functionality for JWT application user actions.
      • Allows you to bypass the need for credentials in the typical OAuth 3-legged flow.

  12. OAuth 2 Example

  13. OAuth Code Sample

      ```javascript
      // Display functionality
      const boxSDK = require('box-node-sdk');
      const fs = require('fs');
      const http = require('http');
      const querystring = require('querystring');

      // OAuth application credentials
      const oauthClientId = 'jv0illbd53efgjwdr8pdbyas3j7ggdasdwy7gdxo';
      const oauthClientSecret = 'sYaytj0AOhuN0P2eXzR4beEjVxNqGZfP';
      ```

  14. OAuth Code Sample

      ```javascript
      // Endpoint
      const authURI = 'https://account.box.com/api/oauth2/authorize';
      const returnURI = 'http://localhost:3000/return';

      // Create Box auth object
      const payload = {
        'response_type': 'code',
        'client_id': oauthClientId,
        'redirect_uri': returnURI
      };

      // Redirect user (runs inside the route handler that starts the flow,
      // where `res` is the HTTP response object)
      const qs = querystring.stringify(payload);
      const authEndpoint = `${authURI}?${qs}`;
      res.redirect(authEndpoint);
      ```

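  15. OAuth Code Sample

      ```javascript
      // File path
      const filePath = '/Users/jleblanc/Desktop/taxdoc.txt';

      // Box SDK instance built from the OAuth application credentials
      const sdk = new boxSDK({ clientID: oauthClientId, clientSecret: oauthClientSecret });

      // Extract auth code (runs inside the handler for the return URI)
      const code = req.query.code;

      // Exchange code for access token
      sdk.getTokensAuthorizationCodeGrant(code, null, function(err, tokenInfo) {
        if (err) { return res.status(500).send('Token exchange failed'); }
        const client = sdk.getBasicClient(tokenInfo.accessToken);

        // Upload file, and respond only once the upload has finished
        const stream = fs.createReadStream(filePath);
        client.files.uploadFile('0', 'taxdoc.txt', stream, function(err) {
          if (err) { return res.status(500).send('Upload failed'); }
          res.send('File uploaded');
        });
      });
      ```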

  16. JWT / OAuth 2 Example

  17. JWT Auth Sample Code

      ```javascript
      // Initialize packages
      const boxSDK = require('box-node-sdk');
      const fs = require('fs');
      const util = require('util');

      // OAuth / JWT application credentials
      const jwtClientId = '1er8yqchd5tyvloui0nk9rkkdgpr3c6pv';
      const jwtClientSecret = 'NGGGoFWSVTdokNOd4jGTuWA7xuQYs6hl';
      ```

  18. JWT Auth Sample Code

      ```javascript
      // Account information
      const publicKeyId = '1e543j1t';
      const enterpriseId = '17488913';

      // Keys
      const keyPath = 'private.pem';
      const keyPass = 'Esde!4ra63';
      ```

  19. JWT Auth Sample Code

      ```javascript
      // Fetch private key for signing the JWT
      const secret = fs.readFileSync(keyPath);

      // Create new Box SDK instance
      const sdk = new boxSDK({
        clientID: jwtClientId,
        clientSecret: jwtClientSecret,
        appAuth: {
          keyID: publicKeyId,
          privateKey: secret,
          passphrase: keyPass
        }
      });
      const client = sdk.getAppAuthClient('enterprise', enterpriseId);
      ```

  20. JWT Auth Sample Code

      ```javascript
      // Create new Box user
      client.enterprise.addUser(
        'sefsdfdsfs@box.com',
        'This guy',
        {
          role: client.enterprise.userRoles.COADMIN,
          address: '555 Box Lane',
          status: client.enterprise.userStatuses.CANNOT_DELETE_OR_EDIT
        },
        callback
      );
      ```

  21. JWT Auth Sample Code

      ```javascript
      // Create new app user
      client.enterprise.addAppUser(
        'Daenerys Targaryen',
        {
          job_title: 'Mother of Dragons',
        },
        callback
      );
      ```

  22. Application Authorization and Reauthorization (JWT)
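
The OAuth 2 code sample on slides 14 and 15 sends no `state` parameter and uses `req.query.code` as received. The following is an added example, not code from the presentation or from Box: it attaches a per-session `state` value (RFC 6749, section 10.12) to the authorize request and checks it on the return URI before the code is exchanged. The `session` object, the function names `beginAuth` and `finishAuth`, and the client ID passed in are assumptions.

```javascript
const crypto = require('crypto');
const querystring = require('querystring');

const authURI = 'https://account.box.com/api/oauth2/authorize'; // from slide 14
const returnURI = 'http://localhost:3000/return';               // from slide 14

// Build the authorize URL and remember a one-time state value.
// `session` is a hypothetical per-user, server-side store (for example the
// object a session middleware attaches to the request).
function beginAuth(session, clientId) {
  const state = crypto.randomBytes(32).toString('hex');
  session.oauthState = state;
  const qs = querystring.stringify({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: returnURI,
    state
  });
  return `${authURI}?${qs}`;
}

// Validate the query parameters received on the return URI.
// Returns the authorization code, or throws if the state is missing,
// already used, or different from the one issued for this session.
function finishAuth(session, query) {
  const expected = session.oauthState;
  delete session.oauthState; // single use: a replayed callback fails
  if (!expected) throw new Error('OAuth state mismatch');

  const got = typeof query.state === 'string' ? query.state : '';
  const a = Buffer.from(got);
  const b = Buffer.from(expected);
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
    throw new Error('OAuth state mismatch');
  }
  // RFC 6749 error response, e.g. when the user declines the permission screen
  if (query.error) throw new Error(`Authorization failed: ${query.error}`);
  if (typeof query.code !== 'string' || query.code === '') {
    throw new Error('Missing authorization code');
  }
  return query.code;
}
```

In the slide 15 handler, `finishAuth(req.session, req.query)` would replace the direct read of `req.query.code`, with the token exchange running only if it returns.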
