boxsdk.auth package

Submodules

boxsdk.auth.cooperatively_managed_oauth2 module

class boxsdk.auth.cooperatively_managed_oauth2.CooperativelyManagedOAuth2(retrieve_tokens=None, *args, **kwargs)[source]

Bases: boxsdk.auth.cooperatively_managed_oauth2.CooperativelyManagedOAuth2Mixin

Box SDK OAuth2 subclass. Allows for sharing auth tokens between multiple clients. The retrieve_tokens callback should return the current access/refresh token pair.

class boxsdk.auth.cooperatively_managed_oauth2.CooperativelyManagedOAuth2Mixin(retrieve_tokens=None, *args, **kwargs)[source]

Bases: boxsdk.auth.oauth2.OAuth2

Box SDK OAuth2 mixin. Allows for sharing auth tokens between multiple clients.
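Added example (not part of the Box SDK or its documentation): a file-backed store that one process can pass as `store_tokens` and other processes can use as the `retrieve_tokens` callback described above. `FileTokenStore` and its file layout are hypothetical, and the `(access_token, refresh_token)` argument shape of `store_tokens` is an assumption, since this page does not state it.

```python
import json
import os
import stat
import tempfile


class FileTokenStore:
    """Shares one access/refresh token pair between processes via a file."""

    def __init__(self, path):
        self._path = path

    def store_tokens(self, access_token, refresh_token):
        """Assumed shape of the store_tokens callback: (access, refresh)."""
        directory = os.path.dirname(os.path.abspath(self._path))
        # mkstemp creates the file with mode 0600, so the tokens are never
        # readable by other local users, even briefly.
        fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".tokens-")
        try:
            with os.fdopen(fd, "w") as handle:
                json.dump({"access_token": access_token,
                           "refresh_token": refresh_token}, handle)
            # Atomic rename: readers see the old pair or the new pair,
            # never a half-written file.
            os.replace(tmp_path, self._path)
        except BaseException:
            os.unlink(tmp_path)
            raise

    def retrieve_tokens(self):
        """Return the current (access_token, refresh_token) pair."""
        try:
            mode = stat.S_IMODE(os.stat(self._path).st_mode)
            # Refuse a token file that group or other users can touch.
            if mode & 0o077:
                raise PermissionError("token file is group/world accessible")
            with open(self._path) as handle:
                data = json.load(handle)
        except FileNotFoundError:
            return None, None
        return data["access_token"], data["refresh_token"]
```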

boxsdk.auth.developer_token_auth module

class boxsdk.auth.developer_token_auth.DeveloperTokenAuth(get_new_token_callback=None, **kwargs)[source]

Bases: boxsdk.auth.oauth2.OAuth2

ENTER_TOKEN_PROMPT = u'Enter developer token: '
revoke()[source]

Base class override. Do nothing; developer tokens can’t be revoked without client ID and secret.

boxsdk.auth.jwt_auth module

class boxsdk.auth.jwt_auth.JWTAuth(client_id, client_secret, enterprise_id, jwt_key_id, rsa_private_key_file_sys_path=None, rsa_private_key_passphrase=None, user=None, store_tokens=None, box_device_id=u'0', box_device_name=u'', access_token=None, session=None, jwt_algorithm=u'RS256', rsa_private_key_data=None, **kwargs)[source]

Bases: boxsdk.auth.oauth2.OAuth2

Responsible for handling JWT Auth for Box Developer Edition. Can authenticate enterprise instances or app users.

authenticate_app_user(user=None)

Get an access token for a User.

May be one of this application’s created App Users. Depending on the configured User Access Level, may also be any other App User or Managed User in the enterprise.

<https://docs.box.com/docs/configuring-box-platform#section-3-enabling-app-auth-and-app-users> <https://docs.box.com/docs/authentication#section-choosing-an-authentication-type>

Parameters:user (unicode or User) –

(optional) The user to authenticate, expressed as a Box User ID or as a User instance.

If not given, then the most recently provided user ID, if available, will be used.

Raises:ValueError if no user ID was passed and the object is not currently configured with one.
Returns:The access token for the user.
Return type:unicode
authenticate_instance(enterprise=None)[source]

Get an access token for a Box Developer Edition enterprise.

Parameters:enterprise (unicode or None) –

The ID of the Box Developer Edition enterprise.

Optional if the value was already given to __init__, otherwise required.

Raises:ValueError if None was passed for the enterprise ID here and in __init__, or if the non-None value passed here does not match the non-None value passed to __init__.
Returns:The access token for the enterprise which can provision/deprovision app users.
Return type:unicode
authenticate_user(user=None)[source]

Get an access token for a User.

May be one of this application’s created App Users. Depending on the configured User Access Level, may also be any other App User or Managed User in the enterprise.

<https://docs.box.com/docs/configuring-box-platform#section-3-enabling-app-auth-and-app-users> <https://docs.box.com/docs/authentication#section-choosing-an-authentication-type>

Parameters:user (unicode or User) –

(optional) The user to authenticate, expressed as a Box User ID or as a User instance.

If not given, then the most recently provided user ID, if available, will be used.

Raises:ValueError if no user ID was passed and the object is not currently configured with one.
Returns:The access token for the user.
Return type:unicode
classmethod from_settings_dictionary(settings_dictionary, **kwargs)[source]

Create an auth instance as defined by the given settings dictionary.

The dictionary should have the structure of the JSON file downloaded from the Box Developer Console.

Parameters:settings_dictionary (dict) – Dictionary containing settings for configuring app auth.
Returns:Auth instance configured as specified by the config dictionary.
Return type:JWTAuth
classmethod from_settings_file(settings_file_sys_path, **kwargs)[source]

Create an auth instance as defined by a JSON file downloaded from the Box Developer Console. See https://developer.box.com/v2.0/docs/authentication-with-jwt for more information.

Parameters:settings_file_sys_path (unicode) – Path to the JSON file containing the configuration.
Returns:Auth instance configured as specified by the JSON file.
Return type:JWTAuth

boxsdk.auth.oauth2 module

class boxsdk.auth.oauth2.OAuth2(client_id, client_secret, store_tokens=None, box_device_id=u'0', box_device_name=u'', access_token=None, refresh_token=None, session=None, refresh_lock=None)[source]

Bases: object

Responsible for handling OAuth2 for the Box API. Can authenticate and refresh tokens.

Can be used as a closeable resource, similar to a file. When close() is called, the current tokens are revoked, and the object is put into a state where it can no longer request new tokens. This action can also be managed with the closing() context manager method.

access_token

Get the current access token.

Returns:current access token
Return type:unicode
api_config
Return type:API
authenticate(auth_code)[source]

Send token request and return the access_token, refresh_token tuple. The access token and refresh token will be stored by calling the store_tokens callback if provided in __init__.

Parameters:auth_code (unicode or None) – An authorization code you retrieved in the first leg of OAuth 2.
Returns:(access_token, refresh_token)
Return type:(unicode, unicode)
close(revoke=True)[source]

Close the auth object.

After this action is performed, the auth object can no longer request new tokens.

This method may be called even if the auth object is already closed.

Parameters:revoke (bool) – (optional) Whether the current tokens should be revoked, via revoke(). Defaults to True as a security precaution, so that the tokens aren’t usable by any adversaries after you are done with them. Note that the revoke isn’t guaranteed to succeed (the network connection might fail, or the API call might respond with a non-200 HTTP response), so this isn’t a fool-proof security mechanism. If the revoke fails, an exception is raised. The auth object is still considered to be closed, even if the revoke fails.
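Added example (not SDK code): because close() raises when the revoke fails but still leaves the object closed, the caller has to decide what happens to locally held token copies and has to record that the tokens may still be valid. `close_and_purge`, `token_store` and the stand-in `StubAuth` are hypothetical; the stub only mimics the close() behaviour documented above so the block runs without the SDK or a network.

```python
import logging

log = logging.getLogger("box_auth_cleanup")


def close_and_purge(auth, token_store):
    """Close auth, always purge local token copies, report revoke outcome.

    Returns True if the revoke succeeded, False if the tokens may still be
    valid on the server side and need follow-up.
    """
    revoked = False
    try:
        auth.close(revoke=True)
        revoked = True
    except Exception as exc:  # documented: raised when the revoke fails
        # Log the failure type only, never the token values themselves.
        log.warning("token revoke failed (%s); tokens may remain valid",
                    type(exc).__name__)
    finally:
        # The auth object is closed either way, so local copies are of no
        # further use to this process; drop them.
        token_store.clear()
    return revoked


class StubAuth:
    """Constructed stand-in mimicking the documented close() contract."""

    def __init__(self, revoke_fails):
        self.closed = False
        self._revoke_fails = revoke_fails

    def close(self, revoke=True):
        self.closed = True  # closed even if the revoke below fails
        if revoke and self._revoke_fails:
            raise ConnectionError("constructed network failure")


def demo():
    # Constructed sample tokens, not real credentials.
    store = {"access_token": "CONSTRUCTED_AT", "refresh_token": "CONSTRUCTED_RT"}
    auth = StubAuth(revoke_fails=True)
    outcome = close_and_purge(auth, store)
    return outcome, auth.closed, store
```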
closed

True iff the auth object has been closed.

When in the closed state, it can no longer request new tokens.

Return type:bool
closing(**kwds)[source]

Context manager to close the auth object on exit.

The behavior is somewhat similar to contextlib.closing(self), but has some differences.

The context manager cannot be entered if the auth object is closed.

If a non-Exception (e.g. KeyboardInterrupt) is caught from the block, this context manager prioritizes re-raising the exception as fast as possible, without blocking. Thus, in this case, the tokens will not be revoked, even if revoke=True was passed to this method.

If exceptions are raised both from the block and from close(), the exception from the block will be reraised, and the exception from close() will be swallowed. The assumption is that the exception from the block is more relevant to the client, especially since the revoke can fail if the network is unavailable.

Parameters:**close_kwargs

Keyword arguments to pass to close().

get_authorization_url(redirect_url)[source]

Get the authorization URL based on the client ID and the redirect URL passed in.

Parameters:redirect_url (unicode or None) – An HTTPS URI or custom URL scheme where the response will be redirected. Optional if the redirect URI is registered with Box already.
Returns:A tuple of the URL of Box’s authorization page and the CSRF token. This is the URL that your application should forward the user to in the first leg of OAuth 2.
Return type:(unicode, unicode)
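Added example (not part of the Box SDK or its documentation): one way to check the CSRF token returned by get_authorization_url() when the user is redirected back, before the code is passed to authenticate(). It assumes the token is echoed in the standard OAuth 2 `state` query parameter; `extract_auth_code`, `CallbackRejected` and any URLs used with it are hypothetical.

```python
import hmac
from urllib.parse import urlsplit, parse_qs


class CallbackRejected(ValueError):
    """The redirect back from the authorization page failed validation."""


def extract_auth_code(callback_url, expected_csrf_token):
    """Return the auth code from callback_url, or raise CallbackRejected.

    expected_csrf_token is the second element of the tuple returned by
    get_authorization_url(), kept server-side in the user's session.
    Assumption: it comes back in the OAuth 2 `state` query parameter.
    """
    query = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    states = query.get("state", [])
    codes = query.get("code", [])

    if "error" in query:
        raise CallbackRejected("authorization was denied or failed")
    # Exactly one value each: duplicated parameters are ambiguous, reject.
    if len(states) != 1 or len(codes) != 1 or not codes[0]:
        raise CallbackRejected("missing or duplicated state/code")
    if not expected_csrf_token:
        raise CallbackRejected("no pending authorization for this session")

    # Constant-time comparison of the echoed value with the issued token.
    if not hmac.compare_digest(states[0].encode(),
                               expected_csrf_token.encode()):
        raise CallbackRejected("state does not match the issued CSRF token")
    return codes[0]
```

Discard the stored CSRF token after one successful use so the same callback URL cannot be replayed against the session.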
refresh(access_token_to_refresh)[source]

Refresh the access token and the refresh token and return the access_token, refresh_token tuple. The access token and refresh token will be stored by calling the store_tokens callback if provided in __init__.

Parameters:access_token_to_refresh (unicode or None) – The expired access token, which needs to be refreshed. Pass None if you don’t have the access token.
Returns:Tuple containing the new access token and refresh token. The refresh token may be None, if the authentication scheme doesn’t use one, or keeps it hidden from this client.
Return type:tuple of (unicode, (unicode or None))
revoke()[source]

Revoke the authorization for the current access/refresh token pair.

send_token_request(data, access_token, expect_refresh_token=True)[source]

Send the request to acquire or refresh an access token, and store the tokens.

Parameters:
  • data (dict) – Dictionary containing the request parameters as specified by the Box API.
  • access_token (unicode or None) – The current access token.
Returns:

The access token and refresh token.

Return type:

(unicode, unicode)

class boxsdk.auth.oauth2.TokenResponse(response_object=None, **kwargs)[source]

Bases: boxsdk.object.base_api_json_object.BaseAPIJSONObject

Represents the response for a token request.

class boxsdk.auth.oauth2.TokenScope[source]

Bases: boxsdk.util.text_enum.TextEnum

Scopes used for a downscope token request.

See https://developer.box.com/reference#token-exchange.

ITEM_DELETE = u'item_delete'
ITEM_DOWNLOAD = u'item_download'
ITEM_PREVIEW = u'item_preview'
ITEM_READ = u'item_read'
ITEM_READWRITE = u'item_readwrite'
ITEM_SHARE = u'item_share'
ITEM_UPLOAD = u'item_upload'

boxsdk.auth.redis_managed_jwt_auth module

class boxsdk.auth.redis_managed_jwt_auth.RedisManagedJWTAuth(unique_id=UUID('ba745bf5-f807-40ab-ae33-4054f2c600ee'), redis_server=None, *args, **kwargs)[source]

Bases: boxsdk.auth.redis_managed_oauth2.RedisManagedOAuth2Mixin, boxsdk.auth.jwt_auth.JWTAuth

JWT Auth subclass which uses Redis to manage access tokens.

boxsdk.auth.redis_managed_oauth2 module

class boxsdk.auth.redis_managed_oauth2.RedisManagedOAuth2(unique_id=UUID('ba745bf5-f807-40ab-ae33-4054f2c600ee'), redis_server=None, *args, **kwargs)[source]

Bases: boxsdk.auth.redis_managed_oauth2.RedisManagedOAuth2Mixin

OAuth2 subclass which uses Redis to manage tokens.

class boxsdk.auth.redis_managed_oauth2.RedisManagedOAuth2Mixin(unique_id=UUID('ba745bf5-f807-40ab-ae33-4054f2c600ee'), redis_server=None, *args, **kwargs)[source]

Bases: boxsdk.auth.oauth2.OAuth2

Box SDK OAuth2 subclass. Allows for storing auth tokens in Redis.

unique_id

Get the unique ID used by this auth instance. Other instances can share tokens with this instance if they share the ID with this instance.

boxsdk.auth.remote_managed_oauth2 module

class boxsdk.auth.remote_managed_oauth2.RemoteOAuth2(retrieve_access_token=None, *args, **kwargs)[source]

Bases: boxsdk.auth.remote_managed_oauth2.RemoteOAuth2Mixin

Box SDK OAuth2 subclass. Allows for storing auth tokens remotely. The retrieve_access_token callback should return an access token, presumably acquired from a remote server on which your auth credentials are available.

class boxsdk.auth.remote_managed_oauth2.RemoteOAuth2Mixin(retrieve_access_token=None, *args, **kwargs)[source]

Bases: boxsdk.auth.oauth2.OAuth2

Box SDK OAuth2 mixin. Allows for storing auth tokens remotely.

Module contents