Closed tef-github closed 4 years ago
Jwt logic is meant to be done server side to ensure security for the token. The purpose for jwt is for customers to manage their own users so you might create your own login page for instance and tie it to your own authentication mechanisms.
On Sat, Jan 4, 2020, 3:25 PM teferio notifications@github.com wrote:
Hello,
I am using the box-android-sdk and I was looking for a way to let users view files without showing the Login Screen.
I believe this is possible through the OAuth2.0 JWT authentication. If I understand correctly, once the config.json file is generated, the app can use that to authenticate silently, without showing the Login Screen. Given that the users shouldn't necessarily be box-users.
But I was only able to find the implementation of this in the box-java-sdk not in box-android-sdk.
https://github.com/box/box-java-sdk/blob/master/doc/authentication.md#server-authentication-with-jwt
Is there a way to authenticate silently the same way with JWT config.json in the box-android-sdk?
Thanks in advance.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/box/box-android-sdk/issues/417?email_source=notifications&email_token=AAEYOYUS3WKZWQEDK6SINR3Q4ELHRA5CNFSM4KCYN322YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IEBJVTQ, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAEYOYXQ3O7CPHYGUSCV6U3Q4ELHRANCNFSM4KCYN32Q .
Hello doncung,
Thanks for the Jwt info. I was more concerned with authenticating non-box users silently. Let me rephrase my question to a more clearer sense:
Is there a way in the box API to do silent authentication?
silent authentication: authenticating non-box users without login screen, using some kind of api token, hardcoded in the android app.
You could do that through jwt, but it would require your own server endpoint to associate a box user to one of your users.
On Sat, Jan 4, 2020, 11:50 PM teferio notifications@github.com wrote:
Hello doncung,
Thanks for the Jwt info. I was more concerned with authenticating non-box users silently. Let me rephrase my question to a more clearer sense:
Is there a way in the box API to do silent authentication?
silent authentication: authenticating non-box users without login screen, using some kind of api token, hardcoded in the android app.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/box/box-android-sdk/issues/417?email_source=notifications&email_token=AAEYOYXXGZHA6R5RQCZPHP3Q4GGNLA5CNFSM4KCYN322YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIDQWCA#issuecomment-570886920, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAEYOYW43MXCTSK4JCS5PK3Q4GGNLANCNFSM4KCYN32Q .
Thanks doncung,
That's perfect, I will do that on my own server :smiley:
But to connect it to my android app, do I have to use the box-java-sdk?
Couldn't I use the box-android-sdk instead?
I'm asking this because I only see samples of JWT authentication on the box-java-sdk https://github.com/box/box-java-sdk/blob/master/doc/authentication.md#server-authentication-with-jwt
I don't see this available through the box-android-sdk
Thanks in advance.
The box-android-sdk supports an AuthenticationRefreshProvider interface which is designed to hook into your server. If you want to make it silent you would implement launchAuthUi to silently call your server to get a valid access token for your user.
Thanks!
Hi @teferio,
It looks like this issue can be closed, but if you're still having issues, please don't hesitate to re-open it!
Thanks,
Patrick
Hello,
I am using the box-android-sdk and I was looking for a way to let users view files without showing the Login Screen.
I believe this is possible through the OAuth2.0 JWT authentication. If I understand correctly, once the config.json file is generated, the app can use that to authenticate silently, without showing the Login Screen. Given that the users shouldn't necessarily be box-users.
But I was only able to find the implementation of this in the box-java-sdk not in box-android-sdk. https://github.com/box/box-java-sdk/blob/master/doc/authentication.md#server-authentication-with-jwt
Is there a way to authenticate silently the same way with JWT config.json in the box-android-sdk?
Thanks in advance.