How to create an App user in a Box account? - box-api

I'm super new to developer BOX and I would like to create an app only user in my BOX account. I found out this link which guides me through the process. BUT, I'm not able to find out ho to proceed with the following things:
1) How to request an enterprise access token using the JWT
2) How to use the enterprise access token to make a request for a new app user.
I'm super sorry if this question is stupid or trivial. I'm super new to this area and I really hope I get some help as I would love to work more in this field.

This page on the Box documentation site walks through how to create an Enterprise access token.
As you mentioned once you generate the Enterprise access token, you can then create a new App User using the Users endpoint. Here's an example in cURL for this.
curl https://api.box.com/2.0/users \
-H "Authorization: Bearer REPLACE_WITH_YOUR_ENTERPRISE_ACCESS_TOKEN" \
-d '{"name": "Example Name", "is_platform_access_only": true}' \
-X POST

Related

Autodek Forge Tutorial

I have been working through the Autodesk Forge Sample App tutorial.
WHen I click the button to connect with my account I get this error;
{"developerMessage":"The required parameter(s) redirect_uri not present in the request","errorCode":"AUTH-008","more info":"https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/error_handling/"}
If you get this error, you probably trying a 3 legged oauth flow. And it means that you did not provide the callback url in the request. Since you did not say which tutorial you have been using, let me point you to 2 sources - the Forge documentation tutorial here or the Learn Forge tutorial here
In both case, it is important to have the callback url defined in the application page on the Forge portal - If you are using your local machine, it should be something like http://localhost:3000/mycallback. The learnforge material tells you to define it as (see here):
http://localhost:3000/api/forge/callback/oauth
where the documentation tutorial says to use
http://sampleapp.com/oauth/callback
but here they assume you own the domain sampleapp.com which is probably not true. You need to replace sampleapp.com by your own domain or the localhost:port when developing your webserver on your local machine. Note it is important to use your true domain vs localhost when you'll run the code on your server, and update both your application page and your code to use the same definition. I usually setup 3 applications (dev: with localhost:3001, staging: with myapp-staging.autod3sk.net, and production: with myapp.autod3sk.net) - this is to avoid to have to edits keys all the time and make the application deployment a lot easier.
Now that your application is setup, you need to use that URL in your request as documented in the Oauth API. But all parameters should be URL encoded, otherwise the / character will be misinterpreted by the server. Failing to pass the correct and encoded URL parameter in the request will result in the error you are seeing.
Here is an example:
https://developer.api.autodesk.com/authentication/v1/authorize \
?response_type=code \
&client_id=MYCLIENT_ID \
&redirect_uri=MY_ENCODE_CALLBACKURL \
&scope=REQUIRED_SCOPES
after replacing the placeholders, it should look like this
https://developer.api.autodesk.com/authentication/v1/authorize\
?response_type=code\
&client_id=oz9f...k2d\
&redirect_uri=http%3a%2f%2flocalhost%3a3000%2fapi%2fforge%2fcallback%2foauth\
&scope=data%3aread
Copy this in your browser, and after logging and the consent page, the service should return to your browser with a URL like this:
http://localhost:3000/api/forge/callback/oauth?code=wroM1vFA4E-Aj241-quh_LVjm7UldawnNgYEHQ8I
Because, we do not have a server yet, the browser will error, but you can clearly see the URL returned to you with a code. You know need to copy that code into another request to get the final token. Here, we will use curl, but ideally both request and the callback should be handled by your server code.
curl 'https://developer.api.autodesk.com/authentication/v1/gettoken' \
-X 'POST' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=oz9f...k2d' \
-d 'client_secret=eUr...Q1e' \
-d 'grant_type=authorization_code' \
-d 'code=wroM1vFA4E-Aj241-quh_LVjm7UldawnNgYEHQ8I' \
-d 'redirect_uri=http://localhost:3000/api/forge/callback/oauth'
Ideally, all this needs to be done in your server code, like the learnforge tutorial teach you to do.

How to get an authorization token from JuPyter hub using its REST APIs?

I want to start a notebook server as described here. I learnt that I need to get an auth token from this and so wanted to get the same, I have to use the api as described here. It always states "Method not allowed, 405". I am unable to figure out what is the right way to do this.
I tried the following post requests:
http://MY_JHUB_ON_K8S_SERVER.com/authorizations/token
with the body of JSON/Application:
{
"username": "aviral",
"password": "aviral",
}
The headers are:
[{"key":"Content-Type","name":"Content-Type","value":"application/json","description":"","type":"text"}]
In Postman, I had tried basic auth as well as no auth. In the basic auth, I pasted the username and password, while when there was no auth, I put the same in the json body
I expect to get the token so that I can start a server. Right now, regardless of the permutation and combination, I am getting 405.
This seems to be possible using the oath api endpoint but I wasn't successful.
Instead I run this command on the jupyterhub server to generate a token
jupyterhub token myusername
and then calls should work properly using the rest api:
curl --insecure 'https://myjupyterhubserver:8443/hub/api/users' \
-H 'Authorization: Token mygeneratedtoken'

PATCH:projects/users with several services

I am currently trying to update the user permissions on a project with the function PATCH: project / users (v2) for several services (BIM Docs, Field, Glue, Plan and Schedule) but for other services that Docs I have an error telling me that the services are invalid.
Code documentation here.
When I put only the permissions for project administration and Docs, it works.
However, i want to use the other services. So, when I set permissions for Docs, the rights for others are removed.
After several searches, I can't find a way to perform this command in cURL.
Here is the content:
curl -H "Content-Type: application/json"
-H "x-user-id: %user_admin_id%"
-H "Authorization: Bearer %TOKEN%"
-X PATCH https://developer.api.autodesk.com/hq/v2/accounts/:account_id/projects/:project_id/users/:user_id
-d '{
"services":
{"document_management":{"access_level":"user"},
"field_management:{"access_level":"user"}
},
"company_id":"%company_id%",
"industry_roles":["0b74b631-0a08-49ad-8f44-ada57d7de051"]
}'
Here the error :
"error":[{"message":"Invalid services
[\"field_management\"]","code":2000}]
I already tried field instead field_management.
Any solutions ?
Thanks.
You can not set permission through API, yet.
You can set a service to a project:
https://developer.autodesk.com/en/docs/bim360/v1/reference/http/projects-POST/
services-type parameter.
You also need to have a license to those sub services.

Apps Script Execution API showing error with devMode: true

Trying to use Execution API for one of my project with devMode: true, but getting the following error. But it works flawlessly when I make devMode: false.
NOTE: I am owner and using the API from same account (so it should work ideally)
I have deployed the script as api executable with access as "Anyone"
I have enabled the "Apps Script API" in the developer console
Both the oauth and apps script share the same project
{
"error": {
"code": 404,
"message": "Requested entity was not found.",
"status": "NOT_FOUND"
}
}
I had also experienced the same situation. So can you confirm the following points again?
Save the apps script using the save button again.
Save the apps script as a new version.
Whether the client ID and client secret are retrieved from the project that Apps Script API is used.
Whether the access token is retrieved from these client ID and client secret.
Whether the scope inclues https://www.googleapis.com/auth/drive, https://www.googleapis.com/auth/drive.scripts and https://www.googleapis.com/auth/script.external_request.
After I confirmed above again, I always test using a following curl command. When you use this curl command, please input your access token, function name and script ID.
curl -X POST -L \
-H "Authorization: Bearer ### access token ###" \
-H "Content-Type: application/json" \
-d "{function: '### function name ###',devMode: true}" \
"https://script.googleapis.com/v1/scripts/### script ID ###:run"
In my environment, the error in your question was solved. I don't know whether these can solve your problem. If this was not useful for you, I'm sorry.

Oauth2 and Spring-Security: Fail on authentication using Oauth2 and spring-security

I want to use Oauth2 and Spring-security with rest web service. I am new for this, i am trying to create configuration with the help of some websites. Still, i clearly not understand how and what is the flow for oauth authenticate for rest service. i am using latest dependencies Click on the link for see my configurations. I am using database for store clients information and tokens. when i trying to access the token, using follwoing url with post request and post body:
http://localhost:8080/empirecl-api/oauth/token
grant_type=password&username=a#a.com&password=password&client_id=my-client-with-secret&client_secret=ak_secret
The basic authentication pop-up box will appear. I am using chrome rest postman client. I have user table in my database where i store, username and password, when i enter those username and password, the authentication fail, If i use i my client_id and client_secret as a username and password, the authentication is fail. When i cancel the pop of basic authentication following json is return:
{
"error": "unauthorized",
"error_description": "No client with requested id: a#a.com"
}
I am unable to figure out what will happen.
When i trying to access following url with get reqquest:
http://localhost:8080/empirecl-api/oauth/authorize?grant_type=password&username=a#a.com&password=password
The following error will return:
{
"error": {
"error": "invalid_client",
"error_description": "Bad client credentials"
}
}
When i check the error in console, of eclipse, the follwoing error is display:
AuthorizationEndpoint:436 - Handling ClientRegistrationException error: No client with requested id: null
How i resolve this problem and how to use Oauth with my rest api. I also want to secure my all rest url with Oauth.
There are a couple of things wrong here.
You are using the wrong endpoint - the request should be to the token endpoint, not the authorization endpoint.
It should be a POST request - you shouldn't be passing the parameters in the URL
You are confusing when the user has to authenticate and when the client does - the server was looking for Basic credentials from the client but you were entering the username.
See the oauth2 spec section on using the resource owner password grant.
The client needs to authenticate and, as porterhead points out, you can do this using Basic authentication. The spec does also allow passing of the client id and secret as post parameters, but prefers Basic authentication.
You should probably make sure you understand a bit more about how OAuth2 works, and perhaps expand your question to explain why you want to use it and why you've chosen this particular grant type.
You need to pass your client username and password as a Base64 encoded Authorization header.
Try using curl. Here is an example:
curl -v -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Basic MzUzYjMwMmM0NDU3NGY1NjUwNDU2ODdlNTM0ZTdkNmE6Mjg2OTI0Njk3ZTYxNWE2NzJhNjQ2YTQ5MzU0NTY0NmM=" \
'http://localhost:8080/empirecl-api/oauth/token?grant_type=password&username=a#a.com&password=password'
I have a working example described here