Box Authentication in Python

I’ve been working on orchestrating an ETL load process from text files stored in the cloud-based file management tool, Box. Working with Python for the first time, I’ve found it to be an extremely flexible and straightforward language to use for such a task. There’s even a Box SDK that provides direct access to the bulk of the services needed to manage files in Box.

However, the Box API uses OAuth 2.0 for authentication. Part of the process for permitting access to the Box API is to present the user with a web page, requesting permission to access the Box account. This does not fit well with an automated orchestration process.

I’ve written a small Python script that uses the keyring Python module as secure storage for the authorisation and refresh tokens required to connect to Box. Using the Box SDK, the tokens are refreshed automatically when they expire and you’ll see in the code below how I leverage the Box SDK to retain the tokens indefinitely in the secure key store. After “priming” the store with an initial set of tokens, the script will maintain the tokens automatically, provided it runs within the 60-day period before the refresh token expires. Note that you’ll need to install the Box SDK and keyring Python modules, using pip, prior to running the script. You’ll also need to specify the client_id and client_secret values from your Box Developer App in the script below.

The key here, if you’ll pardon the pun, is in the store_tokens function. This is invoked automatically by the Box SDK, whenever it detects the expiration of the access token. The SDK will automatically request new tokens, using the active refresh token, and pass those two new token values back to the pass back function defined in the OAuth2 object initialisation. In the example above, we use the keyring module to store the values securely with the Windows Credential Manager. Before invoking any methods, we read these values and use them in the authentication constructor. Great stuff!
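A sketch of the store_tokens pattern described above, written as an added example rather than the author's original script. The service name `box-etl`, the `read_tokens` and `build_client` helpers, the optional `backend` parameter and the credential placeholders are assumptions made for illustration; the store must already have been primed with an initial token pair.

```python
SERVICE = "box-etl"                    # assumed keyring service name
CLIENT_ID = "YOUR_CLIENT_ID"           # placeholder: from your Box Developer App
CLIENT_SECRET = "YOUR_CLIENT_SECRET"   # placeholder: from your Box Developer App


def _default_backend():
    # Imported lazily so the token helpers can be exercised without keyring.
    import keyring
    return keyring


def store_tokens(access_token, refresh_token, backend=None):
    """Callback the Box SDK invokes with each newly issued token pair."""
    if backend is None:
        backend = _default_backend()
    # Write the refresh token first: it is the value needed to recover
    # if the process stops between the two writes.
    backend.set_password(SERVICE, "refresh_token", refresh_token)
    backend.set_password(SERVICE, "access_token", access_token)


def read_tokens(backend=None):
    """Return (access_token, refresh_token); fail loudly if the store is unprimed."""
    if backend is None:
        backend = _default_backend()
    access = backend.get_password(SERVICE, "access_token")
    refresh = backend.get_password(SERVICE, "refresh_token")
    if not refresh:
        raise RuntimeError("token store not primed: authorise interactively once")
    return access, refresh


def build_client(backend=None):
    """Build a Box client whose refreshed tokens are written back to the store."""
    from boxsdk import Client, OAuth2  # lazy import: only needed for real calls
    access, refresh = read_tokens(backend)
    oauth = OAuth2(
        client_id=CLIENT_ID,
        client_secret=CLIENT_SECRET,
        access_token=access,
        refresh_token=refresh,
        store_tokens=lambda a, r: store_tokens(a, r, backend),
    )
    return Client(oauth)


if __name__ == "__main__":
    client = build_client()
    print(client.user().get().name)  # any API call triggers a refresh when needed
```

Because the tokens live only in the operating system's credential store, the script file itself carries no bearer credentials beyond the client_id and client_secret.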