Adds support for OAuth client credentials grant flow (#120)

cburnette · Feb 10, 2023 · 3b6e6f2 · 3b6e6f2
1 parent 98893d9
commit 3b6e6f2
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/.env.example b/.env.example
@@ -7,6 +7,10 @@
 #7. copy and paste the client id and client secret of your Box app below
 #8. save this file as .env
 
+# You will need to create two custom apps for testing. One of them will be a JWT app
+# and the other will be a server authentication app. The server authentication app
+# credentials will be used to test the client credentials grant
+
 BOX_DEVELOPER_TOKEN={a valid developer token for your Box app}
 BOX_CLIENT_ID={client id of your Box app}
 BOX_CLIENT_SECRET={client secret of your Box app}
@@ -15,3 +19,5 @@ JWT_PRIVATE_KEY_PATH={path to your JWT private key}
 JWT_PRIVATE_KEY_PASSWORD={JWT private key password}
 BOX_PRIMARY_SIGNATURE_KEY={primary key for webhooks}
 BOX_SECONDARY_SIGNATURE_KEY={secondary key for webhooks}
+BOX_OAUTH_CLIENT_ID={client_id for your server authentication app}
+BOX_OAUTH_CLIENT_SECRET={client_secret for your server authentication app}
diff --git a/lib/boxr/auth.rb b/lib/boxr/auth.rb
@@ -15,13 +15,15 @@ def self.oauth_url(state, host: "app.box.com", response_type: "code", scope: nil
     uri
   end
 
-  def self.get_tokens(code=nil, grant_type: "authorization_code", assertion: nil, scope: nil, username: nil, client_id: ENV['BOX_CLIENT_ID'], client_secret: ENV['BOX_CLIENT_SECRET'])
+  def self.get_tokens(code=nil, grant_type: "authorization_code", assertion: nil, scope: nil, username: nil, client_id: ENV['BOX_CLIENT_ID'], client_secret: ENV['BOX_CLIENT_SECRET'], box_subject_type: nil, box_subject_id: nil)
     uri = Boxr::Client::AUTH_URI
     body = "grant_type=#{grant_type}&client_id=#{client_id}&client_secret=#{client_secret}"
     body = body + "&code=#{code}" unless code.nil?
     body = body + "&scope=#{scope}" unless scope.nil?
     body = body + "&username=#{username}" unless username.nil?
     body = body + "&assertion=#{assertion}" unless assertion.nil?
+    body = body + "&box_subject_type=#{box_subject_type}" unless box_subject_type.nil?
+    body = body + "&box_subject_id=#{box_subject_id}" unless box_subject_id.nil?
 
     auth_post(uri, body)
   end

diff --git a/spec/boxr/auth_spec.rb b/spec/boxr/auth_spec.rb
@@ -23,6 +23,15 @@
     Boxr::revoke_token(user_token['access_token'])
     expect{user_client.root_folder_items}.to raise_error{Boxr::BoxrError}
 
+    puts 'get_tokens - client_credentials_grant'
+    user_token = Boxr::get_token(code=nil,
+                                 grant_type: 'client_credentials',
+                                 box_subject_type: 'enterprise',
+                                 box_subject_id: ENV['BOX_ENTERPRISE_ID'],
+                                 client_id: ENV['BOX_OAUTH_CLIENT_ID'],
+                                 client_secret: ENV['BOX_OAUTH_CLIENT_SECRET'])
+    expect(user_token).to include('access_token','expires_in')
+
     puts "cleanup data"
     BOX_CLIENT.delete_user(second_test_user, force: true)
   end