JWTを使用した設定

カスタムアプリは、JWTによるサーバー側認証を使用するよう設定できます。

前提条件

To set up a Custom App using server-side authentication, you will need to ensure you have access the Developer Console from your Box enterprise account. Alternatively, you may sign up for a developer account.

App creation steps

1. Navigate to the Developer Console

Log into Box and navigate to the Developer Console. Select Create New App.

2. Select the type of application

Select Custom App from the list of application types. A modal will appear to prompt a selection for the next step.

3. Select the type of authentication and app name

Select Server Authentication (with JWT) and provide a unique name for your application. Click Create App.

JWTキーペア

JWT authentication works through a public/private RSA keypair. Once a Custom App is created leveraging JWT authentication, a keypair can be generated via the Developer Console or you can generate your own and supply Box with the public key.

キーペアの生成(推奨)

If you would like to use a Box generated keypair, navigate to the Developer Console where you can generate a configuration file. This file includes a public/private keypair and a number of other application details that are necessary for authentication.

To generate this file, navigate to the Configuration tab of the Developer Console and scroll down to the Add and Manage Public Keys section.

Click the Generate a Public/Private Keypair button to have Box generate a keypair you. This will trigger the download of a JSON configuration file that you can move to your application code.

手動によるキーペアの追加

Alternatively, you may generate your own keypair and then upload the public key to the Developer Console.

To create a keypair using OpenSSL, open a terminal window and run the following commands.

openssl genrsa -des3 -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem

Then, navigate to the configuration tab for your application in the Developer console and scroll down to the Add and Manage Public Keys section.

Click the Add a Public Key button, enter the public key generated using the steps above and click Verify and Save.

アプリの承認

Once a keypair is successfully added to your application your Box enterprise Admin needs to authorize the application within the Box Admin Console.

Navigate to the General Settings tab for your application within the developer console and scroll down to the App Authorization section.

Click Submit and Review to send an email to your Box enterprise Admin for approval. More information on this process is available in our support article for app authorization.

Re-authorization after making configuration changes

アプリケーションのスコープまたはアクセスレベルが変更された場合は、アプリケーションを再承認する必要があります。新しい変更を有効にするには、上記のプロセスを繰り返して新しいアクセストークンをリクエストしてください。

基本的な構成

Before the application can be used, some additional configuration is required.

アプリケーションアクセス

By default, an application can only successfully interact with its own data and the data of any App Users. To also work with existing Managed Users of the enterprise, navigate to the Application Access settings accessible via the Configuration tab of the Developer console. Set to Enterprise.

アプリケーションスコープ

Scopes define what permissions your application has in order to access data. See the scopes guide for detailed information on each option.

CORSドメイン

If your application makes API calls from front-end browser code in Javascript, the domain that these calls are made from will need to be added to an allow-list due to Cross Origin Resource Sharing, also known as CORS. If all requests will be made from server-side code, you may skip this section.

To add the full URI(s) to the allow-list, navigate to the CORS Domain section at the bottom of the Configuration tab in the Developer console.