Admin token does not have sufficient scope
Hi, trying to run the example given:
var adminToken = boxJWT.AdminToken(); //valid for 60 minutes so should be cached and re-used
var adminClient = boxJWT.AdminClient(adminToken);
//for example, get the admin's root folder items
var items = await adminClient.FoldersManager.GetFolderItemsAsync("0", 500);
I can retrieve admintoken, but when I attempt the GetFolderItemsAsync call I get this:
Bearer realm=“Service”, error=“insufficient_scope”, error_description=“The request requires higher privileges than provided by the access token.”
I can use that admintoken to do things like list enterprise users though. I can also follow the example to create a new app user and list THAT user’s folders using that user’s token.
I’m using a new developer account with no other users, and am syncing my folders to my desktop. I have enabled all scope options that I can:
Even though I’m getting this far, I assume I’m still missing something in my account setup to enable listing of the folders from the admin token?
Issue Analytics
- State:
- Created 8 years ago
- Comments:7 (3 by maintainers)
Top GitHub Comments
For anyone else following, this is caused by the fact that the app has its own context in the BoxClient object which you declared and used to create your tokens.
Admins and Apps can not only not own content, they can’t manipulate content. Users and App Users must be used. It’s not currently very clear in the example code, but you must create a “user context”…
Until you create and use that user context, you are attempting to perform restricted actions as the app when you really want to perform them as a user.
While it’s possible to “switch” that BoxClient context from that of an admin to that of a user, it is also just fine and dandy to have a BoxClient object for each context and use the appropriate object for specific actions. For example, you would use the adminClient for user CRUD while you’d use the userClient for file and folder CRUD.
Yes, exactly. If you have content that you historically would have had the admin account own (like it’s shared across all app users) you should create a dedicated app user for that content. The app admin account, for security reasons, is no longer allowed to own content.
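The two-context pattern described in the comments above, as an added example that is not part of the original thread or the Box SDK's own code: the admin client is used only to find or create a dedicated app user, and a separate user client does the folder listing. The config file path, the class and method names, and the app user name are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Box.V2.Config;
using Box.V2.JWTAuth;
using Box.V2.Models;

public static class BoxContextExample
{
    // Assumption: configJsonPath is the JWT app settings file downloaded from the
    // Box developer console; ownerName is a hypothetical name for the dedicated
    // app user that owns content shared across all app users.
    public static async Task ListSharedRootAsync(string configJsonPath, string ownerName)
    {
        BoxJWTAuth boxJWT;
        using (var fs = File.OpenRead(configJsonPath))
        {
            boxJWT = new BoxJWTAuth(BoxConfig.CreateFromJsonFile(fs));
        }

        // Admin (enterprise) context: used for user CRUD only. Calling
        // FoldersManager on this client is what produced insufficient_scope.
        var adminToken = boxJWT.AdminToken(); // valid for 60 minutes; cache and re-use
        var adminClient = boxJWT.AdminClient(adminToken);

        // Re-use the dedicated app user if it already exists, otherwise create it.
        var matches = await adminClient.UsersManager.GetEnterpriseUsersAsync(ownerName);
        var owner = matches.Entries.FirstOrDefault(u => u.Name == ownerName);
        if (owner == null)
        {
            owner = await adminClient.UsersManager.CreateEnterpriseUserAsync(
                new BoxUserRequest { Name = ownerName, IsPlatformAccessOnly = true });
        }

        // User context: a second client, bound to that app user, for file and
        // folder CRUD. The admin token is never used for content calls.
        var userToken = boxJWT.UserToken(owner.Id);
        var userClient = boxJWT.UserClient(userToken, owner.Id);

        var items = await userClient.FoldersManager.GetFolderItemsAsync("0", 500);
        foreach (var item in items.Entries)
        {
            Console.WriteLine($"{item.Type}\t{item.Id}\t{item.Name}");
        }
    }
}
```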