kylefernandadams / box-ui-elements-heroku

Box UI Elements React Starter for a Salesforce Canvas App

Issue with authorization and scopes

RupertBarrow opened this issue · comments

I have a Box developer account. I have created an app in Box, given it all the possible scopes, generated the JSON config file and included that in my Heroku config var BOX_CONFIG.

(btw I noticed duplicate env variable names REACT_APP_NAME and REACT_APP_HOST in the code. I also noticed the SALESFORCE_DOMAIN variable was required, but undocumented in README). I also put my Box app's secret into SIGNED_REQUEST_CONSUMER_SECRET.

The errors

The app starts up well, seems to connect and authenticate correctly to Box.
Then it tries to downscope the token. I am displaying 3 components in Salesforce to test this: picker, explorer, preview.

All 3 return the same downscoping error. For example:
```
2022-09-28T08:14:44.892504+00:00 app[web.1]: Found oauth token: 00D1i000000ULGK!xxxxxxx
2022-09-28T08:14:44.892522+00:00 app[web.1]: Found instance url: https://xxx-dev-ed.my.salesforce.com
2022-09-28T08:14:44.892553+00:00 app[web.1]: Found params: { fileId: '987910380579', elementType: 'preview' }
2022-09-28T08:14:44.892569+00:00 app[web.1]: Element Type: preview

2022-09-28T08:14:45.111299+00:00 heroku[router]: at=info method=GET path="/explorer/0" host=floating-badlands-35174.herokuapp.com request_id=8e3fa2e1-2048-48a7-a088-8a21706ae2ad fwd="88.126.219.187" dyno=web.1 connect=0ms service=2ms status=200 bytes=946 protocol=https
2022-09-28T08:14:45.291003+00:00 heroku[router]: at=info method=GET path="/static/js/main.9b80e9f8.js" host=xxxxxx.herokuapp.com request_id=beb25150-feca-4bfa-994d-09fdcd4735c1 fwd="xxx.126.219.187" dyno=web.1 connect=0ms service=2ms status=304 bytes=254 protocol=https

2022-09-28T08:14:46.770304+00:00 app[web.1]: Failed to get downscoped token: Error: Unexpected API Response [400 Bad Request] insufficient_scope - Insufficient permissions for the requested scope.
2022-09-28T08:14:46.770331+00:00 app[web.1]: at Object.buildResponseError (/app/node_modules/box-node-sdk/lib/util/errors.js:115:29)
2022-09-28T08:14:46.770333+00:00 app[web.1]: at Object.buildUnexpectedResponseError (/app/node_modules/box-node-sdk/lib/util/errors.js:146:21)
...
2022-09-28T08:14:46.770338+00:00 app[web.1]: statusCode: 400,
...
2022-09-28T08:14:46.770381+00:00 app[web.1]: request: Request {
...
2022-09-28T08:14:46.770382+00:00 app[web.1]: method: 'POST',
...
2022-09-28T08:14:46.770389+00:00 app[web.1]: host: 'api.box.com',
2022-09-28T08:14:46.770390+00:00 app[web.1]: body: 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&subject_token=1%21xxxxxxxxxxxxx&scope=base_explorer%20item_preview%20item_download%20item_rename%20item_delete%20item_share%20item_upload%20root_readwrite%20annotation_view_all%20annotation_edit&resource=https%3A%2F%2Fapi.box.com%2F2.0%2Ffolders%2F0&client_id=xxxxx&client_secret=xxxxx',
...
2022-09-28T08:14:46.770393+00:00 app[web.1]: body: {
2022-09-28T08:14:46.770393+00:00 app[web.1]: error: 'insufficient_scope',
2022-09-28T08:14:46.770394+00:00 app[web.1]: error_description: 'Insufficient permissions for the requested scope.'
2022-09-28T08:14:46.770394+00:00 app[web.1]: },
```

What I tried

Does my Box user have sufficient rights?

I revoked my Developer Token and recreated it.
I removed the Public/Private key pair I had created and regenerated them; I added the resulting config JSON settings to the Heroku BOX_CONFIG variable.

Help

Am I missing something?
Can you help?

This is what helped me fix some of these issues.

Give access to your Box App to your files and folders

When you create a Box app, it generates a Box service account, which is like a user.
It's in the Box app/General Settings/Service Account info.
Note the email address, and share files and folders with this user to be able to see them in the Salesforce app which is using this Box app.

Reauthorize the Box app

When you change anything on the Box app (scopes, CORS, etc.), re-authorize the app. This is why:
https://support.box.com/hc/en-us/articles/360044191973-API-Authentication-Cannot-obtain-token-based-on-the-enterprise-configuration-for-your-app

Results

I have got the following working:

  • explorer
  • preview
  • uploader

recents is not working, yet.
search (used in explorer and picker) produces an error.
I have not tried metadata query.
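
The token-exchange request body in the log above carries the subject token and client secret next to the requested scopes and resource. As an added example (not part of the original thread or the project's code), this helper parses such a body, reports what is being requested, and redacts credential parameters before the line is logged or shared. `SAMPLE_BODY` is constructed with placeholder values, and `inspectTokenExchange`, `scopesOutside` and the caller-supplied allow-list are hypothetical names.

```javascript
// Added example: inspect a logged OAuth token-exchange body and redact credentials.
// Parameters whose values must never reach logs or issue trackers.
const SENSITIVE_PARAMS = new Set(['subject_token', 'actor_token', 'client_secret', 'assertion']);

// Constructed sample in the shape of the logged body; credentials are placeholders.
const SAMPLE_BODY =
  'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange' +
  '&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token' +
  '&subject_token=1%21PLACEHOLDER' +
  '&scope=base_explorer%20item_preview%20item_download%20item_rename%20item_delete' +
  '%20item_share%20item_upload%20root_readwrite%20annotation_view_all%20annotation_edit' +
  '&resource=https%3A%2F%2Fapi.box.com%2F2.0%2Ffolders%2F0' +
  '&client_id=PLACEHOLDER_ID&client_secret=PLACEHOLDER_SECRET';

// Parse a form-encoded token-exchange body into the fields worth reviewing,
// plus a copy of the body that is safe to log.
function inspectTokenExchange(body) {
  const params = new URLSearchParams(body);
  // Scopes are space-delimited inside a single "scope" parameter.
  const scopes = (params.get('scope') || '').split(/\s+/).filter(Boolean);
  const redacted = new URLSearchParams();
  for (const [key, value] of params) {
    redacted.append(key, SENSITIVE_PARAMS.has(key) ? '[REDACTED]' : value);
  }
  return {
    grantType: params.get('grant_type'),
    resource: params.get('resource'),
    scopes,
    redactedBody: redacted.toString(),
  };
}

// Requested scopes that are not in an allow-list supplied by the caller
// (for instance, the scopes one UI element is meant to receive).
function scopesOutside(requested, allowed) {
  const allowedSet = new Set(allowed);
  return requested.filter((scope) => !allowedSet.has(scope));
}

const report = inspectTokenExchange(SAMPLE_BODY);
console.log(report.resource, report.scopes);
console.log(report.redactedBody);
```
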