search

box / box-python-sdk

Box SDK for Python
http://opensource.box.com/box-python-sdk/
Apache License 2.0
417 stars 214 forks source link

Continued Difficulty with CCGAuth #788

Closed ericasaw closed 1 year ago

ericasaw commented 1 year ago

Hi! I opened an issue here a few months ago about some difficulty with authorization. At the time my issue was resolved and I was able to authenticate just fine. I needed to update some of the download links I generated previously so I went to run the exact same script again with no changes (to either my Box developer app or my python script) and now the authorization fails again. I'm really frustrated because I changed literally nothing about what I was doing and the script no longer works.

I tried re-authorizing the app, seeing as that was an issue for some users in the past, but I get the same error. Here is what I am trying to run in python just to confirm my authentication works (the same code that did work prior):

from boxsdk import Client, CCGAuth

#all from the reauthorized app
auth = CCGAuth(
  client_id="my_client_id",
  client_secret="my_client_secret",
  user="my_user_ID"
)

user_client = Client(auth)

RRISA_items = user_client.folder(folder_id='163358064246').get_items()

general_folders = []

for item in RRISA_items:
    #get the IDS for indata, outdata, and recipe
    general_folders.append(user_client.folder(folder_id=item.id).get_items())

I get the following error:

BoxAPIException: Message: Grant credentials are invalid
Status: 400
Code: invalid_grant
Request ID: None
Headers: {'Date': 'Thu, 05 Jan 2023 18:04:28 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Strict-Transport-Security': 'max-age=31536000', 'Set-Cookie': 'box_visitor_id=63b7112c159061.81254152; expires=Fri, 05-Jan-2024 18:04:28 GMT; Max-Age=31536000; path=/; domain=.box.com; secure, bv=OPS-45809; expires=Thu, 12-Jan-2023 18:04:28 GMT; Max-Age=604800; path=/; domain=.app.box.com; secure, cn=2; expires=Fri, 05-Jan-2024 18:04:28 GMT; Max-Age=31536000; path=/; domain=.app.box.com; secure, site_preference=desktop; path=/; domain=.box.com; secure', 'Cache-Control': 'no-store', 'Via': '1.1 google', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"'}
URL: https://api.box.com/oauth2/token
Method: POST
Context Info: None

I've triple-checked the client ID, client secret, and user info I am entering so I don't understand why I keep getting this error. I have also reverified that the app I have is specifically set up for CCG and OAuth2 and not other authorization methods, and everything looks good. I also checked to make sure that my Python Box SDK version is the same as it was when I used it last and it is, so I'm super confused as to why this code doesn't work anymore.

antusus commented 1 year ago

Hi @ericasaw ,

sorry for the troubles. Can we first verify that this is not a application configuration problem? Could you double check that in your application configuration in Advanced Features the checkbox Generate user access tokens is enabled? If it was disabled you will need to enable it, save and reauthorise the app.

https://developer.box.com/guides/authentication/client-credentials/ could you try and execute cURL command do authenticate?

curl -i -X POST "https://api.box.com/oauth2/token" \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "client_id=[CLIENT_ID]" \
     -d "client_secret=[CLIENT_SECRET]" \
     -d "grant_type=client_credentials" \
     -d "box_subject_type=user"  \
     -d "box_subject_id=[USER_ID]"

Let's check your setup is correct. You should get 200 response with JSON looking like this:

{
  "access_token":"some-token",
  "expires_in":1234,
  "restricted_to":[],
  "token_type":"bearer"
}
ericasaw commented 1 year ago

Hi @antusus! Thanks for the quick response. Checking the generate user access token worked for me! Is this something that was added recently?

antusus commented 1 year ago

Glad this helped. The generate user token is required to work with user authentication for CCG. https://github.com/box/box-python-sdk/blob/main/docs/usage/authentication.md#obtaining-user-token What I suspected was the "behaviour" in App settings in UI. If you switch "App Access Level" to "App + Enterprise Access" this setting is being unchecked. And if you go back to "App Access Only" and save you just removed user access...