I've been writing some bash scripts to use box.com via curl. Got messy fast. Then discovered rclone!
Originally I created a box "app", which uses an app key with which to make REST calls via curl. Done this way, the uploaded files can only be seen in the "developer console", not the usual one.
In rclone it took me a while to figure out it was uploading to the regular console, and was not classified as a box "app". I assume it impersonates an actual user, rather than use box's CLI API.
Is there some config setting I can use to make rclone work with the developer/CLI API instead? I find it easier to manage a headless ansible-controlled environment where I can rely on app keys rather than oauth (and manually handle expired tokens, etc.)
You can give rclone a JSON config file - is that what you mean? It is in the advanced settings when using rclone config (see https://rclone.org/box/#box-box-config-file )
Thanks just had a look at that, but I don't think it's what I'm referring to.
You know how some web-based APIs used an API key/token, rather than oauth / jwt auth? Box has that, which is much simpler to use.
On the other hand, if I understand correctly, rclone "logs in" to box.com as me (using oauth), and then makes calls directly.
I was wondering whether rclone supports the API token option. On a (headless) server, that is much simpler to manage, as you just save the API token somewhere and never worry about it again. On the other hand, the oauth approach requires the initial non-automated setup, and if the token expires then you need to do it again, etc.
I have a feeling rclone doesn't support this, but I just wanted to be sure.
I think we are talking about the same thing. The JSON config file is an app JWT I think. So I think it should work but maybe I'm mis-understanding something.
The box "api token" is just a string like
"dsiduffgDFGWER34sdfDFHwrsDF34gsr" rather than a JWT.
It's not generated via oauth - you need to log in as an admin, go to the admin console, and generate it manually. Then you copy-paste it into your scripts or code. And your scripts/code/services never undergo an oauth/jwt auth process, as long as they send that token in all requests.
Is what I'm describing possible via that config file you mentioned above?
(I assumed everything rclone does presupposes it first went through an oauth process, and received access and refresh tokens.)
PS: Sorry if I'm not explaining properly, you're probably right and we're referring to the same thing somehow!
I read a bit more of the docs and I got to this
Making API calls
To use an App Token directly the application can use the App Token the same way it would use any Access Token.
So that isn't something rclone does at the moment.
However it looks quite easy to add... Do you want to have a go at adding it? I can talk you through it.
Thanks for confirming.
I'm not a go dev unfortunately, so I've already worked around the problem via some manual stuff in the middle of our ansible runs.
We're using this for automated backups on a (obviously) headless server. So I suspect it's only a matter of time till the oauth access/refresh tokens expire, and we'll need to redo the initial setup again! And after that I'm sure I'll get irritated and be forced to look at this again... and maybe learn go!
PS: I'm surprised I'm the first to mention this. I'd assume most cloud storage providers offer a token-based auth option (much more friendly for sysadmins who manage services on headless servers). Maybe box is the exception?
Till we chat again, thanks for this really helpful tool (beats using curl)!
If you make a new issue on github I'll bring it to the attention of the person who did the JWT auth for box - maybe they would be interested in doing this too...
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.