boxsdk.auth package¶
Submodules¶
boxsdk.auth.cooperatively_managed_oauth2 module¶
-
class
boxsdk.auth.cooperatively_managed_oauth2.
CooperativelyManagedOAuth2
(retrieve_tokens=None, *args, **kwargs)[source]¶ Bases:
boxsdk.auth.cooperatively_managed_oauth2.CooperativelyManagedOAuth2Mixin
Box SDK OAuth2 subclass. Allows for sharing auth tokens between multiple clients. The retrieve_tokens callback should return the current access/refresh token pair.
-
class
boxsdk.auth.cooperatively_managed_oauth2.
CooperativelyManagedOAuth2Mixin
(retrieve_tokens=None, *args, **kwargs)[source]¶ Bases:
boxsdk.auth.oauth2.OAuth2
Box SDK OAuth2 mixin. Allows for sharing auth tokens between multiple clients.
boxsdk.auth.developer_token_auth module¶
-
class
boxsdk.auth.developer_token_auth.
DeveloperTokenAuth
(get_new_token_callback=None, **kwargs)[source]¶ Bases:
boxsdk.auth.oauth2.OAuth2
-
ENTER_TOKEN_PROMPT
= u'Enter developer token: '¶
-
boxsdk.auth.jwt_auth module¶
-
class
boxsdk.auth.jwt_auth.
JWTAuth
(client_id, client_secret, enterprise_id, jwt_key_id, rsa_private_key_file_sys_path=None, rsa_private_key_passphrase=None, user=None, store_tokens=None, box_device_id=u'0', box_device_name=u'', access_token=None, session=None, jwt_algorithm=u'RS256', rsa_private_key_data=None, **kwargs)[source]¶ Bases:
boxsdk.auth.oauth2.OAuth2
Responsible for handling JWT Auth for Box Developer Edition. Can authenticate enterprise instances or app users.
-
authenticate_app_user
(user=None)¶ Get an access token for a User.
May be one of this application’s created App User. Depending on the configured User Access Level, may also be any other App User or Managed User in the enterprise.
<https://docs.box.com/docs/configuring-box-platform#section-3-enabling-app-auth-and-app-users> <https://docs.box.com/docs/authentication#section-choosing-an-authentication-type>
Parameters: user (unicode or User
) –(optional) The user to authenticate, expressed as a Box User ID or as a
User
instance.If not given, then the most recently provided user ID, if available, will be used.
Raises: ValueError
if no user ID was passed and the object is not currently configured with one.Returns: The access token for the user. Return type: unicode
-
authenticate_instance
(enterprise=None)[source]¶ Get an access token for a Box Developer Edition enterprise.
Parameters: enterprise (unicode or None) – The ID of the Box Developer Edition enterprise.
Optional if the value was already given to __init__, otherwise required.
Raises: ValueError
if None was passed for the enterprise ID here and in __init__, or if the non-None value passed here does not match the non-None value passed to __init__.Returns: The access token for the enterprise which can provision/deprovision app users. Return type: unicode
-
authenticate_user
(user=None)[source]¶ Get an access token for a User.
May be one of this application’s created App User. Depending on the configured User Access Level, may also be any other App User or Managed User in the enterprise.
<https://docs.box.com/docs/configuring-box-platform#section-3-enabling-app-auth-and-app-users> <https://docs.box.com/docs/authentication#section-choosing-an-authentication-type>
Parameters: user (unicode or User
) –(optional) The user to authenticate, expressed as a Box User ID or as a
User
instance.If not given, then the most recently provided user ID, if available, will be used.
Raises: ValueError
if no user ID was passed and the object is not currently configured with one.Returns: The access token for the user. Return type: unicode
-
classmethod
from_settings_dictionary
(settings_dictionary, **kwargs)[source]¶ Create an auth instance as defined by the given settings dictionary.
The dictionary should have the structure of the JSON file downloaded from the Box Developer Console.
Parameters: settings_dictionary (dict) – Dictionary containing settings for configuring app auth. Returns: Auth instance configured as specified by the config dictionary. Return type: JWTAuth
-
classmethod
from_settings_file
(settings_file_sys_path, **kwargs)[source]¶ Create an auth instance as defined by a JSON file downloaded from the Box Developer Console. See https://developer.box.com/v2.0/docs/authentication-with-jwt for more information.
Parameters: settings_file_sys_path (unicode) – Path to the JSON file containing the configuration. Returns: Auth instance configured as specified by the JSON file. Return type: JWTAuth
-
boxsdk.auth.oauth2 module¶
-
class
boxsdk.auth.oauth2.
OAuth2
(client_id, client_secret, store_tokens=None, box_device_id=u'0', box_device_name=u'', access_token=None, refresh_token=None, session=None, refresh_lock=None)[source]¶ Bases:
object
Responsible for handling OAuth2 for the Box API. Can authenticate and refresh tokens.
Can be used as a closeable resource, similar to a file. When close() is called, the current tokens are revoked, and the object is put into a state where it can no longer request new tokens. This action can also be managed with the closing() context manager method.
-
access_token
¶ Get the current access token.
Returns: current access token Return type: unicode
-
api_config
¶ Return type: API
-
authenticate
(auth_code)[source]¶ Send token request and return the access_token, refresh_token tuple. The access token and refresh token will be stored by calling the store_tokens callback if provided in __init__.
Parameters: auth_code (unicode or None) – An authorization code you retrieved in the first leg of OAuth 2. Returns: (access_token, refresh_token) Return type: (unicode, unicode)
-
close
(revoke=True)[source]¶ Close the auth object.
After this action is performed, the auth object can no longer request new tokens.
This method may be called even if the auth object is already closed.
Parameters: revoke (bool) – (optional) Whether the current tokens should be revoked, via revoke(). Defaults to True as a security precaution, so that the tokens aren’t usable by any adversaries after you are done with them. Note that the revoke isn’t guaranteed to succeed (the network connection might fail, or the API call might respond with a non-200 HTTP response), so this isn’t a fool-proof security mechanism. If the revoke fails, an exception is raised. The auth object is still considered to be closed, even if the revoke fails.
-
closed
¶ True iff the auth object has been closed.
When in the closed state, it can no longer request new tokens.
Return type: bool
-
closing
(**kwds)[source]¶ Context manager to close the auth object on exit.
The behavior is somewhat similar to contextlib.closing(self), but has some differences.
The context manager cannot be entered if the auth object is closed.
If a non-Exception (e.g. KeyboardInterrupt) is caught from the block, this context manager prioritizes re-raising the exception as fast as possible, without blocking. Thus, in this case, the tokens will not be revoked, even if revoke=True was passed to this method.
If exceptions are raised both from the block and from close(), the exception from the block will be reraised, and the exception from close() will be swallowed. The assumption is that the exception from the block is more relevant to the client, especially since the revoke can fail if the network is unavailable.
Parameters: **close_kwargs – Keyword arguments to pass to close().
Get the authorization url based on the client id and the redirect url passed in
Parameters: redirect_url (unicode or None) – An HTTPS URI or custom URL scheme where the response will be redirected. Optional if the redirect URI is registered with Box already. Returns: A tuple of the URL of Box’s authorization page and the CSRF token. This is the URL that your application should forward the user to in first leg of OAuth 2. Return type: (unicode, unicode)
-
refresh
(access_token_to_refresh)[source]¶ Refresh the access token and the refresh token and return the access_token, refresh_token tuple. The access token and refresh token will be stored by calling the store_tokens callback if provided in __init__.
Parameters: access_token_to_refresh (unicode or None) – The expired access token, which needs to be refreshed. Pass None if you don’t have the access token. Returns: Tuple containing the new access token and refresh token. The refresh token may be None, if the authentication scheme doesn’t use one, or keeps it hidden from this client. Return type: tuple of (unicode, (unicode or None))
-
send_token_request
(data, access_token, expect_refresh_token=True)[source]¶ Send the request to acquire or refresh an access token, and store the tokens.
Parameters: - data (dict) – Dictionary containing the request parameters as specified by the Box API.
- access_token (unicode or None) – The current access token.
Returns: The access token and refresh token.
Return type: (unicode, unicode)
-
-
class
boxsdk.auth.oauth2.
TokenResponse
(response_object=None, **kwargs)[source]¶ Bases:
boxsdk.object.base_api_json_object.BaseAPIJSONObject
Represents the response for a token request.
-
class
boxsdk.auth.oauth2.
TokenScope
[source]¶ Bases:
boxsdk.util.text_enum.TextEnum
Scopes used for a downscope token request.
See https://developer.box.com/reference#token-exchange.
-
ITEM_DELETE
= u'item_delete'¶
-
ITEM_DOWNLOAD
= u'item_download'¶
-
ITEM_PREVIEW
= u'item_preview'¶
-
ITEM_READ
= u'item_read'¶
-
ITEM_READWRITE
= u'item_readwrite'¶
-
ITEM_SHARE
= u'item_share'¶
-
ITEM_UPLOAD
= u'item_upload'¶
-
boxsdk.auth.redis_managed_jwt_auth module¶
-
class
boxsdk.auth.redis_managed_jwt_auth.
RedisManagedJWTAuth
(unique_id=UUID('56e4c70c-2cb6-4bde-857d-d055d3eb63b3'), redis_server=None, *args, **kwargs)[source]¶ Bases:
boxsdk.auth.redis_managed_oauth2.RedisManagedOAuth2Mixin
,boxsdk.auth.jwt_auth.JWTAuth
JWT Auth subclass which uses Redis to manage access tokens.
boxsdk.auth.redis_managed_oauth2 module¶
-
class
boxsdk.auth.redis_managed_oauth2.
RedisManagedOAuth2
(unique_id=UUID('56e4c70c-2cb6-4bde-857d-d055d3eb63b3'), redis_server=None, *args, **kwargs)[source]¶ Bases:
boxsdk.auth.redis_managed_oauth2.RedisManagedOAuth2Mixin
OAuth2 subclass which uses Redis to manage tokens.
-
class
boxsdk.auth.redis_managed_oauth2.
RedisManagedOAuth2Mixin
(unique_id=UUID('56e4c70c-2cb6-4bde-857d-d055d3eb63b3'), redis_server=None, *args, **kwargs)[source]¶ Bases:
boxsdk.auth.oauth2.OAuth2
Box SDK OAuth2 subclass. Allows for storing auth tokens in redis.
-
unique_id
¶ Get the unique ID used by this auth instance. Other instances can share tokens with this instance if they share the ID with this instance.
-
boxsdk.auth.remote_managed_oauth2 module¶
-
class
boxsdk.auth.remote_managed_oauth2.
RemoteOAuth2
(retrieve_access_token=None, *args, **kwargs)[source]¶ Bases:
boxsdk.auth.remote_managed_oauth2.RemoteOAuth2Mixin
Box SDK OAuth2 subclass. Allows for storing auth tokens remotely. The retrieve_access_token callback should return an access token, presumably acquired from a remote server on which your auth credentials are available.
-
class
boxsdk.auth.remote_managed_oauth2.
RemoteOAuth2Mixin
(retrieve_access_token=None, *args, **kwargs)[source]¶ Bases:
boxsdk.auth.oauth2.OAuth2
Box SDK OAuth2 mixin. Allows for storing auth tokens remotely.