Picking an Auth Method
Long-lived access token (30 days, 60 days, no expiry).
Restricted to upload and preview API functionality.

Users with existing Box accounts.
Use when you don't want to manage the user content in the app.
Contains an interstitial permission screen.

Users with or without existing Box accounts.
Use when there is an existing identity infrastructure.
Use when the app should manage content for app users.

Built for ease of development.
Bypasses JWT or OAuth 2 authentication.
Tokens need to be manually refreshed after 1 hour.
Application Access
Concern Areas: Type of Users, Types of Content, Default Scopes.
Type of Users: Will you be working with users within an entire enterprise, or just the app?
Types of Content: Do you need to access and manage data within the enterprise?
Default Scopes: Read / Write (A,E), Manage Users (A,E), Manage Groups (A,E), Manage Enterprise Properties (E).
Application Scopes
Advanced Application Features (JWT)
Purpose: Perform actions on behalf of another user.
Capabilities:
• Needed for full SDK functionality for user actions (As-User header)
• Allows you to properly manage users, their content, and actions.

Purpose: For JWT applications, create individual OAuth 2 tokens for users.
Capabilities:
• Needed for full SDK functionality for JWT application user actions.
• Allows you to bypass the need for credentials in the typical OAuth 3-legged flow.
OAuth 2 Example
// Initialize packages
const boxSDK = require('box-node-sdk');
const fs = require('fs');
const http = require('http');
const querystring = require('querystring');
// OAuth application credentials
const oauthClientId = 'jv0illbd53efgjwdr8pdbyas3j7ggdasdwy7gdxo';
const oauthClientSecret = 'sYaytj0AOhuN0P2eXzR4beEjVxNqGZfP';
// SDK instance used below to exchange the authorization code for tokens
const sdk = new boxSDK({
  clientID: oauthClientId,
  clientSecret: oauthClientSecret
});
OAuth Code Sample
// Endpoint
const authURI = 'https://account.box.com/api/oauth2/authorize';
const returnURI = 'http://localhost:3000/return';
// Create Box auth object (runs inside the Express route that starts the login, so req/res are in scope)
const payload = {
  'response_type': 'code',
  'client_id': oauthClientId,
  'redirect_uri': returnURI
};
// Redirect user to Box's authorization screen
const qs = querystring.stringify(payload);
const authEndpoint = `${authURI}?${qs}`;
res.redirect(authEndpoint);
// File path
const filePath = '/Users/jleblanc/Desktop/taxdoc.txt';
// Extract auth code from the query string of the redirect back to returnURI (inside the /return route)
const code = req.query.code;
// Exchange code for access token
sdk.getTokensAuthorizationCodeGrant(code, null, function(err, tokenInfo) {
  if (err) { return res.status(500).send('Token exchange failed'); }
  const client = sdk.getBasicClient(tokenInfo.accessToken);
  // Upload file into the root folder ('0')
  const stream = fs.createReadStream(filePath);
  client.files.uploadFile('0', 'taxdoc.txt', stream, function(err, file) {
    if (err) { return res.status(500).send('Upload failed'); }
    res.send('File uploaded');
  });
});
JWT / OAuth 2 Example
// Initialize packages
const boxSDK = require('box-node-sdk');
const fs = require('fs');
// OAuth / JWT application credentials
const jwtClientId = '1er8yqchd5tyvloui0nk9rkkdgpr3c6pv';
const jwtClientSecret = 'NGGGoFWSVTdokNOd4jGTuWA7xuQYs6hl';
JWT Auth Sample Code
// Account information
const publicKeyId = '1e543j1t';
const enterpriseId = '17488913';
// Keys
const keyPath = 'private.pem';
const keyPass = 'Esde!4ra63';
// Fetch private key for signing the JWT
const secret = fs.readFileSync(keyPath);
// Create new Box SDK instance configured for server (JWT) authentication
const sdk = new boxSDK({
  clientID: jwtClientId,
  clientSecret: jwtClientSecret,
  appAuth: {
    keyID: publicKeyId,
    privateKey: secret,
    passphrase: keyPass
  }
});
// Service-account client acting for the enterprise
const client = sdk.getAppAuthClient('enterprise', enterpriseId);
// Create new Box user (managed user in the enterprise)
client.enterprise.addUser(
  'sefsdfdsfs@box.com',
  'This guy', {
    role: client.enterprise.userRoles.COADMIN,
    address: '555 Box Lane',
    status: client.enterprise.userStatuses.CANNOT_DELETE_OR_EDIT
  },
  function(err, user) {
    if (err) { return console.error('addUser failed', err); }
    console.log('Created user', user.id);
  }
);
// Create new app user (no Box login; content is managed by the app)
client.enterprise.addAppUser(
  'Daenerys Targaryen', {
    job_title: 'Mother of Dragons'
  },
  function(err, appUser) {
    if (err) { return console.error('addAppUser failed', err); }
    console.log('Created app user', appUser.id);
  }
);
Application Authorization and Reauthorization (JWT)
Box Authentication Types

Editor's Notes

  • #5 Server authentication