• [ x ] I have checked that the SDK documentation doesn't solve my issue.
• [ x ] I have checked that the API documentation doesn't solve my issue.
• [ x ] I have searched the Box Developer Forums and reached out to Box Support directly and my issue hasn't yet been resolved.
• [ x ] I have searched Issues on the GitHub and my exact issue isn't already reported.

Description of the Issue

I've been having issues with Box authentication through Python since I started using it. I am trying to use the Box Python SDK to generate permanent download links for thousands of files. I have figured out how to generate all of the links, but unfortunately when I first generated them they were not permanent. I now need to go and update all of the links, but the first time I did this, due to all of my authentication issues, I put in a developer token each hour for many many hours (weeks of time). I don't want to have to do this ever again so I am hoping to solve the authentication issue.

I have tried all of the different authentication methods recommended in the documentation. However, the only method that is successful for me is using the developer token. Here are some of the problems I ran into using various authentication methods:

• using JWT: 'Access denied - insufficient permission' error
• using JWT with user access token: I am not sure how to find the jwt_key_id, rsa_private_key_file_sys_path, or the rsa_private_key_passphrase. I am not sure if those are generated within the box developer or if I have to find them elsewhere? Particularly, the example for the rsa_private_key_file_sys_path has "CERT.PEM" as the example file but I have not had success generating such a file with the box developer. I thought that maybe this was the .json file that is generated from creating a public/private key-pair, but it doesn't seem to be the right type of file. I have also tried the following lines of code but I end up with an "'User' object has no attribute ‘authenticate_user'" attribute error, which I think can only be fixed by finding the above jwt_key_id, rsa_private_key_file_sys_path, and the rsa_private_key_passphrase:

auth = JWTAuth.from_settings_file('config.json’) #generated from the box developer website
client = Client(auth)
user = client.user(user_id='#######’) #my user ID
user.authenticate_user()
user_client = client.as_user(user)

• using CCGAuth: "The "box_subject_type" value is unauthorized for this client_id" error
• using OAuth2.0 Auth: "Message: No "refresh_token" parameter found" error and I am unsure where to find the refresh token on the Box Developer website for the app.

I’m sorry if this is generally straight forward for other developers to figure out, but I am just a grad student who isn’t really familiar with this type of developer programming and I find the API for all of the Box ecosystem pretty opaque.

I should also note that I have tried all of the above authentication methods with both the initial Box CLI app and another trial app that I generated which allows me to create the downloadable .json files with public/private key pairs.

Steps to Reproduce

All of the lines of code I tried for authorization I directly copied from the SDK auth wiki page and inserted my own user ID, .json file, etc., generated using the Box Developer. This leads me to believe that this might be an issue with setting up the Box Developer side of things--unless that code only works in very specific cases, but if so, then more detailed instructions should be added to the wiki for how to set that up properly so that the sample code will work.

Expected Behavior

Successful authentication that did not require a development token to be put in each hour.

Versions Used

Python SDK: 3.3.0 Python: 3.6.13

Hello,

I have been struggling for some days with this issue. At the beginning I thought I was doing something wrong but I think there is something else.

I followed the regular documentation for JWT:

from boxsdk import JWTAuth
from boxsdk import Client

auth = JWTAuth(
    client_id='clientID',
    client_secret='clientSecret',
    enterprise_id='ent_ID',
    jwt_key_id='jwtKey',
    rsa_private_key_file_sys_path='/some/path/.ssh/box_private_key.pem',
    rsa_private_key_passphrase='keyPassphrase',
)

access_token = auth.authenticate_instance()

client = Client(auth)

print client.file(file_id='226905808148').get()['name']

Now when running this I get the following error:

boxsdk.exception.BoxAPIException: 
Message: Not Found
Status: 404
Code: not_found
Request id: 37750090159cc237ec9612
Headers: {'Content-Length': '244', 'Content-Encoding': 'gzip', 'Age': '0', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'Vary': 'Accept-Encoding', 'Server': 'Server', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache, no-store', 'Date': 'Wed, 27 Sep 2017 22:17:34 GMT', 'Content-Type': 'application/json'}
URL: https://api.box.com/2.0/files/226905808148
Method: GET
Context info: {u'errors': [{u'reason': u'invalid_parameter', u'message': u"Invalid value 'f_226905808148'. 'item' with value 'f_226905808148' not found", u'name': u'item'}]}

I tried different things including a "hack" which was using the access token to validate an http request:

from boxsdk import JWTAuth
import requests

auth = JWTAuth(
    client_id='clientID',
    client_secret='clientSecret',
    enterprise_id='ent_ID',
    jwt_key_id='jwtKey',
    rsa_private_key_file_sys_path='/some/path/.ssh/box_private_key.pem',
    rsa_private_key_passphrase='keyPassphrase',
)

access_token = auth.authenticate_instance()

headers = {
    'Authorization': 'Bearer ' + access_token,
}

r = requests.get('https://api.box.com/2.0/files/226905808148', headers=headers)

print r.text

And I got the following error, that matches the previous error:

{
	"type": "error",
	"status": 404,
	"code": "not_found",
	"context_info": {
		"errors": [{
			"reason": "invalid_parameter",
			"name": "item",
			"message": "Invalid value 'f_226905808148'. 'item' with value 'f_226905808148' not found"
		}]
	},
	"help_url": "http:\/\/developers.box.com\/docs\/#errors",
	"message": "Not Found",
	"request_id": "4462211659cc2829437c9"
}

I decided to test the same http method but this time with a token generated from the dev console:

console_token = 'some_dev_console_generated_token'

headers = {
    'Authorization': 'Bearer ' + console_token,
}

r = requests.get('https://api.box.com/2.0/files/226905808148', headers=headers)

print r.text

And this seems to be fine:

{
	"type": "file",
	"id": "226905808148",
	"file_version": {
		"type": "file_version",
		"id": "239594515476",
		"sha1": "21c41745877c5ad2a44accec48bdb7cf776f3331"
	},
	"sequence_id": "0",
	"etag": "0",
	"sha1": "21c41745877c5ad2a44accec48bdb7cf776f3331",
	"name": "the_raven.txt",
	"description": "",
	"size": 6877,
	"path_collection": {
		"total_count": 3,
		"entries": [{
			"type": "folder",
			"id": "0",
			"sequence_id": null,
			"etag": null,
			"name": "All Files"
		}, {
			"type": "folder",
			"id": "31850680225",
			"sequence_id": "0",
			"etag": "0",
			"name": "ITCOE"
		}, {
			"type": "folder",
			"id": "31850693387",
			"sequence_id": "0",
			"etag": "0",
			"name": "software"
		}]
	},
	"created_at": "2017-09-20T19:37:52-07:00",
	"modified_at": "2017-09-20T19:37:52-07:00",
	"trashed_at": null,
	"purged_at": null,
	"content_created_at": "2017-05-25T20:29:27-07:00",
	"content_modified_at": "2017-05-25T20:29:27-07:00",
	"created_by": {
		"type": "user",
		"id": "242123783",
		"name": "Marvin Solano",
		"login": "[email protected]"
	},
	"modified_by": {
		"type": "user",
		"id": "242123783",
		"name": "Marvin Solano",
		"login": "[email protected]"
	},
	"owned_by": {
		"type": "user",
		"id": "242123783",
		"name": "Marvin Solano",
		"login": "[email protected]"
	},
	"shared_link": null,
	"parent": {
		"type": "folder",
		"id": "31850693387",
		"sequence_id": "0",
		"etag": "0",
		"name": "software"
	},
	"item_status": "active"
}

I generated a test token (access_token = auth.authenticate_instance()) with the SDK to test it with Postman and I got the same response.

Any ideas of what I might be doing wrong?

Regards Marvin

We are currently seeing this error:

BoxAPIException: Message: Bad Request Status: 400 Code: bad_request Request id: 472788704576acf6cd4ec5 Headers: {'Content-Length': '227', 'Content-Encoding': 'gzip', 'Age': '0', 'Vary': 'Accept-Encoding', 'Server': 'ATS', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache, no-store', 'Date': 'Wed, 22 Jun 2016 17:48:28 GMT', 'Content-Type': 'application/json'} URL: https://api.box.com/2.0/files/64281490105 Method: PUT

Our flow is as such:

unshared_at = datetime.now() + timedelta(days=1) file = self.client.file(file_id=file_id) return file.get_shared_link_download_url(access=u'open', unshared_at=unshared_at)

This only started happening this morning. We're wondering what changed.

Submitting per Tatyana @ Box (Case 2182873):

User [email protected] is getting

error: Request "GET https://api.box.com/2.0/folders/0/items" failed with ConnectionError exception: ConnectionError(MaxRetryError("HTTPSConnectionPool(host='api.box.com', port=443): Max retries exceeded with url: /2.0/folders/0/items?offset=0 (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x000001623BC88988>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))"))

when trying to view folder items. Dani is making a GET call to https://api.box.com/2.0/folders/0/items. He is authenticating as [email protected]. Dani is using the Python SDK, version 2.8.0. His app's details are below:

When using postman, we are able to get the folder information on and off network.

Last email from Tatyana:

Thanks, Dani.

When querying within a few minutes of that timestamp for your app's activity, these are the IP addresses that are being used:

194.9.245.34
104.129.196.179
208.49.203.14
3.230.237.143

However, when I looked at any GET calls made from any of these IPs, I get no results.

Since you can make the call successfully in Postman, I agree that this is definitely an issue with the SDK.

Observed

1. Our application initializes a connection with the BoxSDK near the beginning of execution to fetch IDs and locate files.
2. Our application then does intense processing that may take anywhere from a few minutes to upwards of half an hour, depending on data ingestion sizes.
3. Our application then attempts to save new artifacts to Box, and immediately raises this Exception: WARNING:boxsdk.network.default_network:[31mRequest "GET https://api.box.com/2.0/folders/140796660496/items" failed with ConnectionError exception: ConnectionError(ProtocolError('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer')))

• This Exception is only observed if the gap in Step 2 is longer than 15 minutes. This behaviour has only been observed since August 12, 2022
• We are using Python 3.8.5
• We are using boxsdk==2.12.1 (attempted upgrading to 3.4.0 as well)

Currently we are wrapping the exception with function that re-initializes the boxsdk.Client() object and retries. While this does work, we would like some clarity on why connections are forcibly terminated on Box's side and what the best practice should be here.

Hi,

1. Problem Statement. : Recursive function call to connect to Box API to get the box file metadata Access token and refresh tokens are refreshed at the expiry (1 hour) and written back to configuration file and the recent tokens are used continuously to authenticate

2. Issue noticed : At the expiry of the tokens (60-80 minutes) Box API fails with the below error message and the script terminates abruptly .

Client id — wfe8a4wdxfaflu6vugr4vtnu19wqhmdu API key — OAuth2.0 SDK version —BoxSDK (2.11.0)

3. Below are the logs .

Authentication Issue happening randomly even though the Refersh and Access Tokens are valid, Below is the error log . No handlers could be found for logger "boxsdk.network.default_network" Message: No "refresh_token" parameter found Status: 400 URL: https://api.box.com/oauth2/token Method: POST Headers: {'Transfer-Encoding': 'chunked', 'Set-Cookie': 'box_visitor_id=602b5dfae771f0.30863027; expires=Wed, 16-Feb-2022 05:54:02 GMT; Max-Age=31536000; path=/; domain=.box.com; secure, bv=OPS-44271; expires=Tue, 23-Feb-2021 05:54:02 GMT; Max-Age=604800; path=/; domain=.app.box.com; secure, cn=13; expires=Wed, 16-Feb-2022 05:54:02 GMT; Max-Age=31536000; path=/; domain=.app.box.com; secure, site_preference=desktop; path=/; domain=.box.com; secure', 'Strict-Transport-Security': 'max-age=31536000', 'Connection': 'keep-alive', 'Cache-Control': 'no-store', 'Date': 'Tue, 16 Feb 2021 05:54:03 GMT', 'Content-Type': 'application/json'} Message: No "refresh_token" parameter found Status: 400 URL: https://api.box.com/oauth2/token Method: POST Headers: {'Transfer-Encoding': 'chunked', 'Set-Cookie': 'box_visitor_id=602b5dfc21a093.04408389; expires=Wed, 16-Feb-2022 05:54:04 GMT; Max-Age=31536000; path=/; domain=.box.com; secure, bv=OPS-44271; expires=Tue, 23-Feb-2021 05:54:04 GMT; Max-Age=604800; path=/; domain=.app.box.com; secure, cn=91; expires=Wed, 16-Feb-2022 05:54:04 GMT; Max-Age=31536000; path=/; domain=.app.box.com; secure, site_preference=desktop; path=/; domain=.box.com; secure', 'Strict-Transport-Security': 'max-age=31536000', 'Connection': 'keep-alive', 'Cache-Control': 'no-store', 'Date': 'Tue, 16 Feb 2021 05:54:04 GMT', 'Content-Type': 'application/json'} Message: No "refresh_token" parameter found Status: 400 URL: https://api.box.com/oauth2/token Method: POST Headers: {'Transfer-Encoding': 'chunked', 'Set-Cookie': 'box_visitor_id=602b5dfd495a32.42643028; expires=Wed, 16-Feb-2022 05:54:05 GMT; Max-Age=31536000; path=/; domain=.box.com; secure, bv=OPS-44271; expires=Tue, 23-Feb-2021 05:54:05 GMT; Max-Age=604800; path=/; domain=.app.box.com; secure, cn=21; expires=Wed, 16-Feb-2022 05:54:05 GMT; Max-Age=31536000; path=/; domain=.app.box.com; secure, site_preference=desktop; path=/; domain=.box.com; secure', 'Strict-Transport-Security': 'max-age=31536000', 'Connection': 'keep-alive', 'Cache-Control': 'no-store', 'Date': 'Tue, 16 Feb 2021 05:54:05 GMT', 'Content-Type': 'application/json’}

4. Upon debugging it is noticed that the tokens which are renewed and written back to configuration file is valid . This is verified by making a separate authentication check through CURL command . But the script terminates stating no refresh token found .

According to Change Log documentation, logging_network support was removed in version 2.0.0. README documentation was never updated to reflect this removal. This PR resolves that discrepancy between docs and changelog.

Our applications are working very well with boxsdk version 1.5.5. When we update boxsdk to version 2.0..0.0, our application can work at source. But if we freeze our sources into stand-alone executables with Pyinstaller, we got an error like below.

Traceback (most recent call last): File "Box-Report\boxreport.py", line 9, in File "", line 971, in _find_and_load File "", line 955, in _find_and_load_unlocked File "", line 665, in load_unlocked File "c:\users\changqli\appdata\local\anaconda3\envs\pydev36\lib\site-packages\PyInstaller\loader\pyimod03_importers.py", line 627, in exec_module exec(bytecode, module.dict) File "site-packages\boxsdk_init.py", line 8, in AttributeError: module 'boxsdk.object' has no attribute 'collaboration' [4548] Failed to execute script boxreport

We want to solve this issue, can we get any help? Our environments are windows 7, 64 bits and Pyinstaller version 3.4.

Added the option to include bytes when requesting the contents of a file. This is a feature that is available in API calls, but not originally in the boxsdk for python.

Example:

bytes = [0,60]
client.file(file_id=id).content(bytes=bytes)

CLA signed

• [x] I have checked that the SDK documentation and API documentation doesn't solve my issue

Description of the Issue

// Replace this text with a description of what problem you're having.
// Please include as much detail as possible to help us troubleshoot!
// If it isn't obvious, please include how the behavior you expect differs from what actually happened.
// This is really important so we know how to start troubleshooting your issue.

Versions Used

Box Python SDK: // Replace with the version of the Python SDK you're using.
Python: // Replace with the version of Python your application is running on.

Steps to Reproduce

// Please include detailed steps to reproduce the issue you're seeing, if possible.
// If you don't have a reproducible error, please make sure that you give us as much detail
// as you can about what your application was doing when the error occurred.
// Good steps to reproduce the problem help speed up debugging for us and gets your issue resolved sooner!

Error Message, Including Traceback

// Replace with the full error output you're seeing, if applicable.
// Please include the full stack trace to help us identify where the error is happening.

• [x ] I have checked that the SDK documentation doesn't solve my issue.
• [x ] I have checked that the API documentation doesn't solve my issue.
• [ x] I have searched the Box Developer Forums and my issue isn't already reported (or if it has been reported, I have attached a link to it, for reference).
• [ x] I have searched Issues in this repo and my issue isn't already reported.

Description of the Issue

When trying to access the folder structure from a Linux server, it sometimes succeeds, and sometimes I get: File "/dist/shows/shared/lib/python2.7/site-packages/jwt/api_jws.py" in encode 114. signature = alg_obj.sign(signing_input, key)

File "/dist/shows/shared/lib/python2.7/site-packages/jwt/algorithms.py" in sign 313. return key.sign(msg, padding.PKCS1v15(), self.hash_alg())

Exception Type: AttributeError at /attachments/add/red/international/internationalizr/712768/ Exception Value: '_RSAPrivateKey' object has no attribute 'sign'

This seems to happen more often when the browser request to the server is coming from a Mac Big Sur. This doesn't make sense, since it is still the Linux server issuing the Box call.

Steps to Reproduce

rootFolder = self.client.folder(folder_id='0') where self.client is the box client

Versions Used

Python SDK: 2.12.1 Python: 2.7.5

Hello there,

• [X] I have checked that the SDK documentation doesn't solve my issue.
• [X] I have checked that the API documentation doesn't solve my issue.
• [X] I have searched the Box Developer Forums and my issue isn't already reported (or if it has been reported, I have attached a link to it, for reference).
• [X] I have searched Issues in this repo and my issue isn't already reported.

Description of the Issue

I am running into some issues related authentication using OAuth2. It appears my refresh token is not getting refreshed, like the store_tokens callback is doing nothing or the .refresh() method does not do anything.

Steps to Reproduce

Here is an example script, auth.py:

#!/usr/bin/env python3
# -*- coding: UTF-8 -*-

# Python standard library
from __future__ import print_function
import configparser, os, sys 

# 3rd party imports
from boxsdk import Client, OAuth2


def err(*message, **kwargs):
    """Prints any provided args to standard error.
    kwargs can be provided to modify print functions 
    behavior.
    @param message <any>:
        Values printed to standard error
    @params kwargs <print()>
        Key words to modify print function behavior
    """
    print(*message, file=sys.stderr, **kwargs)


def fatal(*message, **kwargs):
    """Prints any provided args to standard error
    and exits with an exit code of 1.
    @param message <any>:
        Values printed to standard error
    @params kwargs <print()>
        Key words to modify print function behavior
    """
    err(*message, **kwargs)
    sys.exit(1)


def parsed(config_file = None, required = [
        'client_id', 'client_secret', 
        'access_token', 'refresh_token'
        ]
    ):
    """Parses config file in TOML format. This file should contain
    keys for client_id, client_secret, access_token, refresh_token.
    The `auth` function below will update the values of access_token
    and refresh_token to keep the users token alive. This is needed 
    because the developer tokens have a short one hour life-span.
    @Example `config_file`:
    [secrets]
    client_id = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    client_secret = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    access_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    refresh_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    @param config_file <str>:
        Path to config file, default location: ~/.config/bx/bx.toml 
    @return [client_id, client_secret, access_token, refresh_token]:
        Returns a list of <str> with authenication information:
            [0] client_id
            [1] client_secret
            [2] access_token
            [3] refresh_token
    """
    # Information to parse from config file
    secrets, missing = [], []
    if not config_file:
        # Set to default location
        # ~/.config/bx/bx.toml
        home = os.path.expanduser("~")
        # TODO: add ENV variable to
        # override this default PATH
        config_file = os.path.join(home, ".config", "bx", "bx.toml")  

    # Read and parse in config file 
    config = configparser.ConfigParser()
    config.read(config_file)
    # Get authentication information,
    # Collect missing required info
    # to pass to user later
    for k in required:
        try:
            v = config['secrets'][k]
            secrets.append(v)
        except KeyError as e:
            missing.append(k)

    if missing:
        # User is missing required 
        # Authentication information
        fatal(
            'Fatal: bx config {0} is missing these required fields:\n\t{1}'.format(
                config_file,
                missing
            )
        )

    return secrets


def update(access_token, refresh_token, config_file=None):
    """Callback to update the authentication tokens. This function is 
    passed to the `boxsdk OAuth2` constructor to save new `access_token` 
    and `refresh_token`. The boxsdk will automatically refresh your tokens
    if they are less than 60 days old and they have not already been re-
    freshed. This callback ensures that when a token is refreshed, we can
    save it and use it later.
    """
    if not config_file:
        # Set to default location
        # ~/.config/bx/bx.toml
        home = os.path.expanduser("~")
        # TODO: add ENV variable to
        # override this default PATH
        config_file = os.path.join(home, ".config", "bx", "bx.toml")
    # Read and parse in config file 
    config = configparser.ConfigParser()
    config.read(config_file)
    # Save the new `access_token` 
    # and `refresh_token`
    config['secrets']['access_token'] = access_token
    config['secrets']['refresh_token'] = refresh_token
    with open(config_file, 'w') as ofh:
        # Method for writing is weird, but
        # this is what the docs say todo
        config.write(ofh)


def authenticate(client_id, client_secret, access_token, refresh_token):
    """Authenticates a user with their client id, client secret, and tokens.
    By default, authentication information is stored in "~/.config/bx/bx.toml".
    Here is an example of bx.toml file:
    [secrets]
    client_id = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    client_secret = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    access_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    refresh_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    NOTE: This operation needs to be performed prior to any Box API calls. A 
    Box developer token has a short life-span of only an hour. This function will
    automatically refresh a token, to extend its life, when called. A token that
    has an expiration date past 60 days CANNOT be refreshed. In this scenario, a 
    user will need to create a new token prior to running the tool. A new token 
    can be create by creating an new 0auth2 app here: http://developers.box.com/
    """
    auth = OAuth2(
        client_id=client_id,
        client_secret=client_secret,
        refresh_token=refresh_token,
        store_tokens = update
    )

    try:
        access_token, refresh_token = auth.refresh(None)
    except Exception as e:
        # User may not have refreshed 
        # their token in 60 or more days
        err(e)
        err("\nFatal: Authentication token has expired!")
        fatal(" - Create a new token at: https://developer.box.com/")
    
    return access_token, refresh_token



if __name__ == '__main__':
    try:
        # Use user provided config
        test_file = sys.argv[1]
    except IndexError:
        # Test auth config file parser
        home = os.path.expanduser("~")
        test_file = os.path.join(home, ".config", "bx-dev", "bx.toml")

    client_id, client_secret, access_token, refresh_token = parsed(
        config_file = test_file
    )

    # Test token refresh 
    new_access_token, new_refresh_token = authenticate(
         client_id = client_id, 
         client_secret = client_secret,
         access_token = access_token, 
         refresh_token = refresh_token
    )

    # Manually update tokens
    update(
        access_token = new_access_token, 
        refresh_token = new_refresh_token, 
        config_file = test_file
    )

    # Test authentication
    auth = OAuth2(
        client_id = client_id,
        client_secret = client_secret,
        access_token = new_access_token,
        refresh_token = new_refresh_token,
        store_tokens = update
    )

    # Get user info
    client = Client(auth)
    user = client.user().get()
    print("The current user ID is {0}".format(user.id))

Here is an example config file, config.toml:

[secrets]
client_id = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
client_secret = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
access_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
refresh_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Here is example usage of the script:

python3 auth.py config.toml

Expected Behavior

I was hoping the token would get refreshed and saved in the config file. I am not sure of the best way to get a refresh token. From http://developers.box.com/, I only see a Developer token option. I have been using an access_token and refresh_token that I generated for connecting Box to Rclone. With that being said, I got this script to work a few times by running Rclone and then copying the new refresh_token and access_token Rclone updated in its config file. That worked a few times, and then it randomly stopped working. The tokens provided to the python-sdk are the same tokens that Rclone is using. Rclone works fine with those tokens.

Is there a way to refresh a developer token in a headless manner (working on a remote server)? Similar to how this OAuth2 refresh is supposed to behave? I just need a token to programmatically interact with Box, that I can refresh without a browser getting involved. It seems like Rclone has figured this out. If I checkout the config file it uses, it automatically gets updated when the token expires. Also, it is possible to create a token with a longer life span, say like a year or so. I will be using this token to programmatically interact with files I own on Box.

Error Message, Including Stack Trace

Here is the error:

$ python3 auth.py config.toml
"POST https://api.box.com/oauth2/token" 400 69
{'Date': 'Wed, 14 Dec 2022 20:38:56 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Strict-Transport-Security': 'max-age=31536000', 'Set-Cookie': 'box_visitor_id=639a3460a13270.50706908; expires=Thu, 14-Dec-2023 20:38:56 GMT; Max-Age=31536000; path=/; domain=.box.com; secure, bv=OPS-45763; expires=Wed, 21-Dec-2022 20:38:56 GMT; Max-Age=604800; path=/; domain=.app.box.com; secure, cn=9; expires=Thu, 14-Dec-2023 20:38:56 GMT; Max-Age=31536000; path=/; domain=.app.box.com; secure, site_preference=desktop; path=/; domain=.box.com; secure', 'Cache-Control': 'no-store', 'Via': '1.1 google', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"'}
{'error': 'invalid_grant', 'error_description': 'Invalid refresh token'}


Message: Invalid refresh token
Status: 400
URL: https://api.box.com/oauth2/token
Method: POST
Headers: {'Date': 'Wed, 14 Dec 2022 20:38:56 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Strict-Transport-Security': 'max-age=31536000', 'Set-Cookie': 'box_visitor_id=639a3460a13270.50706908; expires=Thu, 14-Dec-2023 20:38:56 GMT; Max-Age=31536000; path=/; domain=.box.com; secure, bv=OPS-45763; expires=Wed, 21-Dec-2022 20:38:56 GMT; Max-Age=604800; path=/; domain=.app.box.com; secure, cn=9; expires=Thu, 14-Dec-2023 20:38:56 GMT; Max-Age=31536000; path=/; domain=.app.box.com; secure, site_preference=desktop; path=/; domain=.box.com; secure', 'Cache-Control': 'no-store', 'Via': '1.1 google', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"'}

Versions Used

Python SDK: 3.5.1 Python: 3.8

• [x] I have checked that the SDK documentation doesn't solve my issue.
• [x] I have checked that the API documentation doesn't solve my issue.
• [x] I have searched the Box Developer Forums and my issue isn't already reported (or if it has been reported, I have attached a link to it, for reference).
• [x] I have searched Issues in this repo and my issue isn't already reported.

Description of the Issue

Some of my many upload to Box requests using python Box SDK are failing with error below:

Steps to Reproduce

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected Behavior

Error Message, Including Stack Trace

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 175, in _new_conn
    (self._dns_host, self.port), self.timeout, **extra_kw
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/connection.py", line 95, in create_connection
    raise err
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/connection.py", line 85, in create_connection
    sock.connect(sa)
TimeoutError: [Errno 110] Connection timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 710, in urlopen
    chunked=chunked,
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 1040, in _validate_conn
    conn.connect()
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 358, in connect
    self.sock = conn = self._new_conn()
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 187, in _new_conn
    self, "Failed to establish a new connection: %s" % e
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x40cf0fbbd0>: Failed to establish a new connection: [Errno 110] Connection timed out

Screenshots

Versions Used

Python SDK: Python:

Is your feature request related to a problem? Please describe.

Yes. We're seeing far fewer events when streaming enterprise events via the Box Python SDK in comparison to the Node one, which we want to migrate off of due to better Kafka support in Python.

In order to switch from Node to Python, I believe that we need generate_events_with_long_polling() to be implemented for the enterprise event stream type.

You can see the warning that this is not implemented here in source and here in docs.

The reason I believe we need generate_events_with_long_polling() is because it allows you to make one call and continuously receive events from that position in the stream forward (like we do in Node). Trying to do that manually has the following problem: you need to manually track your position in the stream, and positions in the stream are constantly moving as data falls off the end of the retention window. i.e. The positions are not static, they're moving as data comes in, so there's no reliable way to keep fetching data in order. We've been told by Box devs in the past that manually managing the stream position is unreliable for that reason, and will result in data loss and duplication.

Describe the solution you'd like

Implement generate_events_with_long_polling() for the enterprise event stream type.

Describe alternatives you've considered

Staying on Node for the time being. This is the only alternative I can think of, as we can't seem to reliably capture all events in our enterprise instance using the Python SDK.

Additional context

I've reached out via a support ticket with Box through my company IBM, and they suggested also opening an issue here to communicate with the SDK team directly. Sakora said:

It looks like our Python SDK team would need to implement this functionality into our SDK. I have reached out to our Python SDK team for further clarification when this will be implemented. You can also reach out directly to our Python SDK team by opening a GitHub Issues ticket in the GitHub repo to communicate directly with them. I will provide an update once I receive a response back from our Python SDK team.

After reviewing your suggested resolution we concluded that it does not apply to our current issue because we aren't changing networks or using VPN on these machines. In fact, our computers are working most of the time and sporadically get this error. Can you please provide an alternative solution?

Description of the Issue

Type hints are present for methods, but type hints for objects (e.g. File) are missing the attributes. Running a tool like mypy or intellij with type hinting complains about attributes: "Item" has no attribute "content_created_at" [attr-defined]

Steps to Reproduce

pip install mypy mypy test/unit/object/test_folder.py

or open test_folder.py in Intellij

Error Message, Including Stack Trace

get errors like on line 286 assert new_file.description == file_description # File has no attribute 'description'

Versions Used

Python SDK: 3.0.1, python 3.8.8

Is your feature request related to a problem? Please describe.

There has recently been deployed in July 2021 new endpoints to access and trigger Box workflows. This was announced here: https://developer.box.com/changelog/#2021-07-16-manual-start-workflow-endpoints-now-active

Describe the solution you'd like

Is there a plan and to include these endpoints to manage workflows in the python sdk? if yes, when is this expected?

Describe alternatives you've considered

Additional context