|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(CkPython) Box.com OAuth2 with JSON Web TokensSee more Box ExamplesDemonstrates how to obtain an OAuth2 access token using a JSON Web Token. The following explanation is copied from Box Authentication Models
import sys import chilkat # This requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. # When you created an RSA key pair using the Box web user interface, # you downloaded a json file named something like "7152782_kkdxptq2_config.json" # This contains the following: # { # "boxAppSettings": { # "clientID": "0kraci84o0jfr7yuw596tf394iigzbe7", # "clientSecret": "xxxxxxxxxxxxxxxxxxxxxxxxx", # "appAuth": { # "publicKeyID": "kkdxptq2", # "privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFDj ... nceU=\n-----END ENCRYPTED PRIVATE KEY-----\n", # "passphrase": "xxxxxxxxxxxxxxxxxxxxxxxx" # } # }, # "enterpriseID": "7152782" # } # # Load it into a Chilkat JSON object to allow access to the content. jsonRsaKey = chilkat.CkJsonObject() success = jsonRsaKey.LoadFile("qa_data/tokens/7152782_kkdxptq2_config.json") # Load the private key into a Chilkat private key object. passphrase = jsonRsaKey.stringOf("boxAppSettings.appAuth.passphrase") privateKeyPem = jsonRsaKey.stringOf("boxAppSettings.appAuth.privateKey") rsaKey = chilkat.CkPrivateKey() success = rsaKey.LoadEncryptedPem(privateKeyPem,passphrase) if (success != True): print(rsaKey.lastErrorText()) sys.exit() # The JSON Web Token will be created using the JWT class jwt = chilkat.CkJwt() # Construct the JOSE header... jose = chilkat.CkJsonObject() # Chilkat supports the following algorithms: "RS256", "RS384", and "RS512". (Chilkat also supports other algorithms that Box does not yet support.) jose.UpdateString("alg","RS256") jose.UpdateString("typ","JWT") jose.UpdateString("kid",jsonRsaKey.stringOf("boxAppSettings.appAuth.publicKeyID")) # Now let's build the JWT claims. Most of this is just boilerplate (i.e. the same every time..) # The JWT claims contain these required and optional elements: # iss (required, String) The Client ID of the service that created the JWT assertion. # sub (required, String) enterprise_id for a token specific to an enterprise when creating and managing app users, or the app user_id for a token specific to an individual app user. # box_sub_type (required, String) "enterprise" or "user" depending on the type of token being requested in the sub claim. # aud (required, String) Always "https://api.box.com/oauth2/token" for OAuth2 token requests # jti (required, String) A universally unique identifier specified by the client for this JWT. This is a unique string that is at least 16 characters and at most 128 characters. # exp (required, NumericDate) The unix time as to when this JWT will expire. This can be set to a maximum value of 60 seconds beyond the issue time. Note: It is recommended to set this value to less than the maximum allowed 60 seconds. # iat (optional, NumericDate) Issued at time. The token cannot be used before this time. # nbf (optional, NumericDate) Not before. Specifies when the token will start being valid. # claims = chilkat.CkJsonObject() claims.UpdateString("iss",jsonRsaKey.stringOf("boxAppSettings.clientID")) claims.UpdateString("sub",jsonRsaKey.stringOf("enterpriseID")) claims.UpdateString("box_sub_type","enterprise") claims.UpdateString("aud","https://api.box.com/oauth2/token") # Generate 32 random bytes (base64 encoded) for the "jti" prng = chilkat.CkPrng() claims.UpdateString("jti",prng.genRandom(32,"base64")) # Set the expiration time to 60 seconds after the current time. claims.UpdateInt("exp",jwt.GenNumericDate(60)) # We're going to do the following POST to get a JSON response that contains our OAuth2 access token: # POST /oauth2/token # Content-Type: application/x-www-form-urlencoded # grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer& # assertion=<JWT>& # client_id=<client_id>& # client_secret=<client_secret> # First, make the initial connection. # A single REST object, once connected, can be used for many Box REST API calls. # The auto-reconnect indicates that if the already-established HTTPS connection is closed, # then it will be automatically re-established as needed. rest = chilkat.CkRest() bAutoReconnect = True success = rest.Connect("api.box.com",443,True,bAutoReconnect) if (success != True): print(rest.lastErrorText()) sys.exit() # Add the query params. # Calling ClearAllParts is wise if previous requests were sent prior to this one on the same REST object.. rest.ClearAllParts() rest.AddQueryParam("grant_type","urn:ietf:params:oauth:grant-type:jwt-bearer") rest.AddQueryParam("client_id",jsonRsaKey.stringOf("boxAppSettings.clientID")) rest.AddQueryParam("client_secret",jsonRsaKey.stringOf("boxAppSettings.clientSecret")) rest.AddQueryParam("assertion",jwt.createJwtPk(jose.emit(),claims.emit(),rsaKey)) jsonResponse = rest.fullRequestFormUrlEncoded("POST","/oauth2/token") if (rest.get_LastMethodSuccess() != True): print(rest.lastErrorText()) sys.exit() # If successful, we'll get a response status code equal to 200, # and a JSON response that looks like this: # { # "access_token": "mNr1FrCvOeWiGnwLL0OcTL0Lux5jbyBa", # "expires_in": 4169, # "restricted_to": [], # "token_type": "bearer" # } # jResponse = chilkat.CkJsonObject() jResponse.put_EmitCompact(False) jResponse.Load(jsonResponse) if (rest.get_ResponseStatusCode() != 200): print(jResponse.emit()) print("Failed.") sys.exit() print(jResponse.emit()) # Get the access token: accessToken = jResponse.stringOf("access_token") print("Access token, valid for 60 minutes: " + accessToken) |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.