Authenticating to Box using connection strings and config file fails

What is the problem you are having with rclone?

I am using connection strings to perform remote control commands to Box. If I use access tokens, everything works fine and the requests are authenticating correctly. However, I want to use a config.json file to authenticate to box with JWT. My remote name looks like:

:box,box_config_file=<path_to_config.json>,box_sub_type=enterprise

And then the command:

operations/list

{
  fs: ':box,box_config_file=<path_to_config.json>,box_sub_type="enterprise:'
  remote: <path>
}

However, I get back the error:

2021/04/06 17:39:42 ERROR : rc: "operations/list": error: error in ListJSON: couldn't list files: Get "https://api.box.com/2.0/folders/0/items?fields=type%2Cid%2Csequence_id%2Cetag%2Csha1%2Cname%2Csize%2Ccreated_at%2Cmodified_at%2Ccontent_created_at%2Ccontent_modified_at%2Citem_status%2Cshared_link&limit=1000&offset=0": couldn't fetch token - maybe it has expired? - refresh with "rclone config reconnect :box{tocdd}:": oauth2: token expired and refresh token is not set

If I change the path to the config.json file to something different, just to see if there is an issue with the file, I get the same error. I have also tried this connection string:

:box,box_config_file=<path_to_config.json>,box_sub_type=enterprise,client_id=<client_id>,client_secret=<client_secret>

And get the same error. It seems like it's not reading the config file at all, and trying to authenticate with a token instead.

I have used a similar connection string for Google Drive to authenticate with JWT and had no issues, so I think this could be a Box specific problem.

What is your rclone version (output from rclone version)

1.55

Which OS you are using and how many bits (eg Windows 7, 64 bit)

Ubuntu

Which cloud storage system are you using? (eg Google Drive)

Box

The command you were trying to run (eg rclone copy /tmp remote:tmp)

operations/list

{
  fs: ':box,box_config_file=<path_to_config.json>,box_sub_type="enterprise:'
  remote: <path>
}

A log from the command with the -vv flag

2021/04/06 17:39:42 ERROR : rc: "operations/list": error: error in ListJSON: couldn't list files: Get "https://api.box.com/2.0/folders/0/items?fields=type%2Cid%2Csequence_id%2Cetag%2Csha1%2Cname%2Csize%2Ccreated_at%2Cmodified_at%2Ccontent_created_at%2Ccontent_modified_at%2Citem_status%2Cshared_link&limit=1000&offset=0": couldn't fetch token - maybe it has expired? - refresh with "rclone config reconnect :box{tocdd}:": oauth2: token expired and refresh token is not set```

I guess the first thing to see is if you can build a local config without using connection strings with the box_config_file parameter.

You could run through rclone config and see whether you can make that work.

That will tell us whether it is something to do with the config strings or the box_config_file parameter.

I suspect the config_file stuff rather than the connection strings stuff, but I could be wrong!

Oh yea, I forgot to mention that. I am able to authenticate with rclone config successfully, but would prefer to use connection strings instead.

Can you post your redacted config which does work?

I note there is a mis-matched quote here in "enterprise - I assumed this was a typo, but if it isn't then check the quoting :slight_smile:

Yes, sorry that is a typo.

I am using the config/create remote command to create the config file, so I can show you the params for that command but I don't actually have access to the hard config file. Here is the command:

config/create

{
  name: box-test,
  type: box,
  parameters: {
    client_id: <client_id>,
    client_secret: <client_secret>,
    box_config_file: <path_to_config.json>,
    box_sub_type: 'enterprise'
  }
}

Which succeeds, and I can perfrom commands without any authentication issues. Also, if I change the box_config_file param to the wrong pathname (just to test) I get the error:

Failed to configure token: box: failed to read Box config: open /asdf/config.json: no such file or directory

Where as if I add the wrong pathname to the connection string, it doesn't give me a failed to read file error, it gives me the same error if I had the correct pathname.

Can you try putting the client id and secret in the config string too? That will make it the same as your statically configured config.

If that doesn't work I'll send an rclone with some more debugging in so we can see what parameters the box backend gets.

I have tried that as well. See the original comment

OK Here is a debug build of rclone which will dump the config before creating a backend

v1.56.0-beta.5384.bede3a5d4.fix-connection-strings-debug on branch fix-connection-strings-debug (uploaded in 15-30 mins)

It will look like this

$ rclone -vv ...
...
2021/04/08 12:41:26 DEBUG : Config dump:
2021/04/08 12:41:26 DEBUG :   token = "{\"access_token\":\"XXX\",\"token_type\":\"bearer\",\"refresh_token\":\"XXX\",\"expiry\":\"2021-04-08T13:48:00.383716273+01:00\"}"

Can you do that with your working config file and your non working connection string and examine the differences? Can you post a redacted version here also.

Hopefully we'll be able to get to the bottom of the problem with that - thanks.

I am working off of a docker image, if I upgrade to the latest beta will that include these changes?

No, you'll need that exact version. We don't build docker images of branches at the moment.

You could check that branch out and build a docker image, or try it not in a docker image.