Closed tehunter closed 1 year ago
Hello @tehunter ,
the best way to do that is to use same approach as using developer token:
token_info = client.downscope_token([TokenScope.ITEM_READ, TokenScope.ITEM_PREVIEW])
downscoped_client = Client(
OAuth2(
client_id=None,
client_secret=None,
access_token=token_info.access_token
)
)
You can look at DeveloperTokenAuth here.
As with developer token there is no refresh mechanism so you will need to catch those 401 errors and rebuild the client with new down scoped token.
Thanks, that approach worked!
Hi, I'm building an library to interface
boxsdk
with Python'sfsspec
library. I want to give users the ability to set downscoped permissions. I'm struggling with how to actually make use of a downscopedTokenResponse
using public functions.Here's an overview of how the interface would work.
As far as I can tell, there's no way to actually apply
token_info.access_token
to update the Client to use the downscoped token. All of the functions inOAuth2
for setting tokens are "private", so I don't want to use them in case the signatures change in the future. Similarly, creating a new OAuth object would require accessingclient.auth._client_secret
which is also protected. If I tryself.client.auth.access_token = token_info.access_token
, I getAttributeError: can't set attribute 'access_token'
since it is being accessed as a@property
without a setter.So my questions are:
boxsdk
using only publicly accessible functions?It looks like the Java SDK offers a method to set the access token value, so that seems like the best solution here to make the SDK's compatible.