9

I am trying to get started with the Box.com SDK and I have a few questions.

from boxsdk import OAuth2

oauth = OAuth2(
    client_id='YOUR_CLIENT_ID',
    client_secret='YOUR_CLIENT_SECRET',
    store_tokens=your_store_tokens_callback_method,
)

auth_url, csrf_token = oauth.get_authorization_url('http://YOUR_REDIRECT_URL')

def store_tokens(access_token, refresh_token):
    # store the tokens at secure storage (e.g. Keychain)
    pass

1) What is the redirect URL and how do I use it? Do I need to have a server running to use this?

2) What sort of code do I need in the store_tokens method?

Steve-O

3 Answers

15
  1. The redirect URL is only required if you're running a Web application that needs to respond to user's requests to authenticate. If you're programmatically authenticating, you can simply set this as http://localhost. In a scenario where you require the user to manually authenticate, the redirect URL should invoke some function in your web app to store and process the authentication code returned. Do you need a server running? Well, if you want to do something with the authentication code returned, the URL you specify should be under your control and invoke code to do something useful.

  2. Here's an example of what the store_tokens function should look like. It should accept two parameters, access_token and refresh_token. In the example below, the function will commit these to a local store for use when the API needs to re-authenticate:

From here:

"""An example of Box authentication with external store"""

import keyring
from boxsdk import OAuth2
from boxsdk import Client

CLIENT_ID = 'specify your Box client_id here'
CLIENT_SECRET = 'specify your Box client_secret here'


def read_tokens():
    """Reads authorisation tokens from keyring"""
    # Use keyring to read the tokens
    auth_token = keyring.get_password('Box_Auth', 'mybox@box.com')
    refresh_token = keyring.get_password('Box_Refresh', 'mybox@box.com')
    return auth_token, refresh_token


def store_tokens(access_token, refresh_token):
    """Callback function when Box SDK refreshes tokens"""
    # Use keyring to store the tokens
    keyring.set_password('Box_Auth', 'mybox@box.com', access_token)
    keyring.set_password('Box_Refresh', 'mybox@box.com', refresh_token)


def main():
    """Authentication against Box Example"""

    # Retrieve tokens from secure store
    access_token, refresh_token = read_tokens()

    # Set up authorisation using the tokens we've retrieved
    oauth = OAuth2(
        client_id=CLIENT_ID,
        client_secret=CLIENT_SECRET,
        access_token=access_token,
        refresh_token=refresh_token,
        store_tokens=store_tokens,
    )

    # Create the SDK client
    client = Client(oauth)
    # Get current user details and display
    current_user = client.user(user_id='me').get()
    print('Box User:', current_user.name)

if __name__ == '__main__':
    main()
chicks
mroshaw
  • This is a copy/paste of what is in the link you shared and you did not answer to the questions of the user. In this case, it's better just to give the link in a comment instead of posting an answer. ;) – David Guyon Jul 01 '16 at 14:45
  • 2
    Thanks for the feedback! I'm quite new to stackoverflow, in terms of providing help: I'm usually the one asking for it! I've updated my response such that it is in keeping with the question asked - I think it now provides a true answer to the user. More feedback would definitely be appreciated, DGeTuX, so that I can offer more value to this site. Note that the link is to an article that I wrote - I'm not trying to pinch anyone's work! – mroshaw Jul 03 '16 at 15:04
  • 1
    Kindly explain what mybox@box.com is. Is it the redirect URL? – Abhishek Feb 18 '17 at 05:53
  • It's just an example of how you might use the keyring library as a persistent store for your tokens. What you pass in as the parameter, mybox@box.com in the example given, should just be representative of a unique user attribute. – mroshaw Feb 19 '17 at 11:44
  • I'm confused, what exactly is `'Box_Auth', 'mybox@box.com'` in here, can anybody give a real life example? – user5319825 Dec 15 '21 at 12:03
  • I believe `'Box_Auth'` and `'Box_Refresh'` are custom names given to the access and refresh tokens respectively so that they can then be referenced later for retrieval in the `def read_tokens()`. You could name them anything else if you like. `'mybox@box.com'` is an example of a username. – Lyman Zerga Mar 23 '22 at 19:09
6

I suggest taking a look at the OAuth 2 tutorial. It will help give a better understanding of how OAuth works and what the various parameters are used for.

  1. The redirect URL is set in your Box application's settings:

    screenshot of Box application settings

    This is the URL where Box will send an auth code that can be used to obtain an access token. For example, if your redirect URL is set to https://myhost.com, then your server will receive a request with a URL that looks something like https://myhost.com?code=123456abcdef.

    Note that your redirect URI doesn't need to be a real server. For example, apps that use a WebView will sometimes enter a fake redirect URL and then extract the auth code directly from the URL in the WebView.

  2. The store_tokens callback is optional, but it can be used to save the access and refresh tokens in case your application needs to shut down. It will be invoked every time the access token and refresh token change, giving you an opportunity to save them somewhere (to disk, a DB, etc.).

    You can then pass in these tokens to your OAuth2 constructor at a later time so that your users don't need to log in again.

Greg
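The redirect handling described in the answer above, as an added example (not part of the original answer and not Box SDK code): before the auth code is used, the handler checks that the request arrived at the registered redirect URL and that its `state` parameter equals the `csrf_token` returned by `get_authorization_url`. The `state` parameter name is standard OAuth 2; `extract_auth_code`, `RedirectError` and the sample URLs are hypothetical names and constructed values.

```python
"""Added example: validating the OAuth2 redirect before using the auth code."""
import hmac
from urllib.parse import urlsplit, parse_qs


class RedirectError(Exception):
    """Raised when the redirect request must not be trusted."""


def extract_auth_code(redirect_url, expected_redirect, csrf_token):
    """Return the auth code from redirect_url, or raise RedirectError."""
    got, want = urlsplit(redirect_url), urlsplit(expected_redirect)
    # The callback must arrive at the redirect URL registered for the app.
    if (got.scheme, got.netloc, got.path or '/') != (
            want.scheme, want.netloc, want.path or '/'):
        raise RedirectError('unexpected redirect target')
    params = parse_qs(got.query)
    # A denied or failed authorization is reported via "error".
    if 'error' in params:
        raise RedirectError('authorization failed: ' + params['error'][0])
    # Require exactly one state and one code; duplicates are rejected.
    states, codes = params.get('state', []), params.get('code', [])
    if len(states) != 1 or len(codes) != 1:
        raise RedirectError('missing or duplicated state/code')
    # state must equal the csrf_token handed out with the authorization
    # URL; compare in constant time.
    if not hmac.compare_digest(states[0].encode(), csrf_token.encode()):
        raise RedirectError('state does not match csrf_token')
    return codes[0]


# Constructed sample values, not real credentials.
REDIRECT = 'https://myhost.com'
CSRF = 'constructed_csrf_token_abc'
GOOD = 'https://myhost.com?code=123456abcdef&state=constructed_csrf_token_abc'
MISMATCH = 'https://myhost.com?code=othercode&state=some_other_value'

if __name__ == '__main__':
    print(extract_auth_code(GOOD, REDIRECT, CSRF))
    try:
        extract_auth_code(MISMATCH, REDIRECT, CSRF)
    except RedirectError as exc:
        print('rejected:', exc)
```

The returned code is the value you would then pass to the SDK's `oauth.authenticate(...)`, which triggers the `store_tokens` callback with the new tokens.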
0

If you're just testing, you can also pass in a developer token. This tutorial explains how.

This is the most basic example that worked for me:

from boxsdk import Client, OAuth2

CLIENT_ID = ''
CLIENT_SECRET = ''
ACCESS_TOKEN = '' # this is the developer token

oauth2 = OAuth2(CLIENT_ID, CLIENT_SECRET, access_token=ACCESS_TOKEN)

client = Client(oauth2)

my = client.user(user_id='me').get()
print(my.name)
print(my.login)
print(my.avatar_url)
Jep
  • This does not work. You get Message: Method Not Allowed Status: 405 Code: method_not_allowed – Matyas Aug 24 '16 at 23:07