Nodejs web app stuck without access token using SDK

Hi,
I’m a little stuck on this. We use box for our storage for clients (organisations) and with each client, we open a new folder.
The functionality I’m looking for is for an internal admin webapp. When a user logs in to the admin app, I want to retrieve a service account token so then when they create an organisation, it triggers a new folder created in the enterprise account.

All the client_ids etc are in the .env and in the dev console, the custom app is fine. Here is a copy of my server.js:

const BoxSDK = require('box-node-sdk');
// Box configuration
app.get('/api/box-access-token', cors(corsOptions), async (req, res) => {
    const sdkConfig = {
      boxAppSettings: {
        clientID: process.env.BOX_CLIENT_ID,
        clientSecret: process.env.BOX_CLIENT_SECRET,
      },
      enterpriseID: process.env.ENTERPRISE_ID,
    }
    const sdk = BoxSDK.getPreconfiguredInstance(sdkConfig)

    const client = sdk.getAnonymousClient();

    // Extract the necessary information
    const boxSdkAccessToken = client.accessToken;
    console.log('Box SDK Access Token:', boxSdkAccessToken);

    // Respond with the access token
    res.json({ boxSdkAccessToken }); // Updated to use 'accessToken' as the key

});

Pretty simple code block, but I’m racking my brain as in the terminal, I’m not seeing the boxSdkAccessToken.

Hi @bretton , welcome to the forum!

I’m assuming this is a test, in the sense that your app should not need the access token directly, and the refresh is handled automatically by the client.

Nevertheless the access token is buried deep in the client session:

// Extract the necessary information
const boxSdkAccessToken = client._session._tokenInfo;
console.log('Box SDK Access Token:', boxSdkAccessToken);

Will result in:

❯ node  server.ts
Example app listening on port 3000
Current user: CCG (ID: 20706451735)
Box SDK Access Token: {
  accessToken: 'OQ...Kd',
  refreshToken: undefined,
  accessTokenTTLMS: 4054000,
  acquiredAtMS: 1706631661790
}

There is another important detail. The access token is only fetched when needed, meaning it will be empty after the const client = sdk.getAnonymousClient();

Taking your example, I’ve added a who am I call. Here is the complete example:


const BOX_CLIENT_ID = 'MY CLIENT ID'
const BOX_CLIENT_SECRET ='MY CLIENT SECRET'
const ENTERPRISE_ID ='MY ENTERPRISE ID'

const express = require('express')
const app = express()
const port = 3000

const cors = require('cors')
const corsOptions = {'origin': '*'}

const BoxSDK = require('box-node-sdk');

app.get('/api/box-access-token', cors(corsOptions), async (req, res) => {
    const sdkConfig = {
      boxAppSettings: {
        clientID: BOX_CLIENT_ID,
        clientSecret: BOX_CLIENT_SECRET,
      },
      enterpriseID: ENTERPRISE_ID,
    }
    const sdk = BoxSDK.getPreconfiguredInstance(sdkConfig)

    const client = sdk.getAnonymousClient();

    const me = await client.users.get(client.CURRENT_USER_ID, null);
    console.log('Current user: ' + me.name + ' (ID: ' + me.id + ')');

    // Extract the necessary information
    const boxSdkAccessToken = client._session._tokenInfo;
    console.log('Box SDK Access Token:', boxSdkAccessToken);

    // Respond with the access token
    res.json({ boxSdkAccessToken }); // Updated to use 'accessToken' as the key

});

app.listen(port, () => {
    console.log(`Example app listening on port ${port}`)
  })

Let us know if this helps.

Cheers

G’day Rui,

Yep, that worked, and you are correct that my code is a test for now but I’ll integrate functionality from box into the webapp.

Great prompt feedback, thanks, B

Great!

If you prefer to use TypeScript, check this out:

Cheers