LoginSignup
5
4

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 3 years have passed since last update.

@alokrawat050(Alok Rawat)

BOX API Integration With RubyOnRails(OAuth 2.0)

Last updated at Posted at 2016-08-04

Login By Using OAuth 2.0

https://www.box.com/
Box | Secure Content & Online File Sharing for Businesses
Box offers secure content management and collaboration for individuals, teams, and businesses, enabling secure file sharing and access to your files online.

For OAuth2.0, please refer below link.
http://www.bubblecode.net/en/2016/01/22/understanding-oauth2/

To configure the application in BOX, follow the below step.
Step1: Create a developer account.
https://app.box.com/signup/o/default_developer_offer
If you have ignored.

Step2:
Follow the below link steps:-
https://box-content.readme.io/docs/oauth-20

Step3:
After completing the app setting in BOX, create a rails application.
Let us suppose,controller name is box_api_controller.rb
In box_api_controller.rb file,

Create a make request on login button

def make_request
	#Check access token expire or not.
	check_access_token_expire = check_access_token_expire_dt
	if check_access_token_expire.split("-")[0] == "access_token"
		#Create client by passing Token
		@box_client = Boxr::Client.new(check_access_token_expire.split("-")[1])
		cookies[:token] = check_access_token_expire.split("-")[1]
	else
		if check_access_token_expire.split("-")[0] == "refresh_token"
			#Call method
			create_post_req_url("refresh_token","refresh_token",check_access_token_expire.split("-")[1])
		else
			# kick off authorization flow
			parameters = "response_type=code&client_id=<your client id>&redirect_uri=<your application url>/handle_user_decision/&state=security_token"
			url = "https://account.box.com/api/oauth2/authorize?#{parameters}"
			redirect_to url
		end
	end end

After authorized the client id, get code in response

def handle_user_decision
	# kick off authorization flow
	#Get authorization code
	code_url = Rack::Utils.parse_query URI(request.original_url).query
	code = code_url["code"] 
	#Call method
	create_post_req_url("authorization_code","code", code) 
end

Create a post URL

	def create_post_req_url(grant_type,header, code)
	#Set oauth2 url
	uri = URI.parse("https://api.box.com//oauth2//token")
	#Passing parameter
	data = "grant_type=#{grant_type}&#{header}=#{code}&client_id=<your client id>&client_secret=<your client secret key>"
	#Set header
	headers = {"Content-Type" => "application/x-www-form-urlencoded"}
	#Get http request
	http = Net::HTTP.new(uri.host,uri.port)
	http.use_ssl = true
	http.verify_mode = OpenSSL::SSL::VERIFY_NONE
	#Do post the URL
	response = http.post(uri.path,data.to_s,headers)
	#Check response
	if response.code != "200"
		flash[:alert] ="エラーが発生しました。管理者に連絡してください。エラーの内容:#{response.code}  #{JSON.parse(response.body)}"
	else
		#flash[:alert] ="#{response.body.to_json}"
		parsed = JSON.parse(response.body) # returns a hash
		token = parsed["access_token"]
		cookies[:token] = nil
		cookies[:token] = token      
		if grant_type == "authorization_code"
			#Insert BOX access token details
			user = "<your drive user name>"
			insert_access_token(user, token, parsed["refresh_token"], Time.now)
		else
			if grant_type == "refresh_token"
				#Update BOX access token 
				updt_access_token(user, token, code, parsed["refresh_token"], Time.now)
			end  
		end
		redirect_to box_api_index_path
	end
end

Other helper methods:-

Check access_token expire or not.

	def check_access_token_expire_dt
	@access_token_time = BoxApiAccessToken.getaccesstokentime
	if !@access_token_time.blank?
		@access_token_time.each do |token_details |
			if token_details.access_token_dt != nil
				if token_details.new_access_token_dt.to_datetime.new_offset(Rational(9, 24)).strftime('%Y/%m/%d %H:%M') < Time.now.to_datetime.new_offset(Rational(9, 24)).strftime('%Y/%m/%d %H:%M')
					check_access_token_expire_dt = "refresh_token-#{token_details.refresh_access_token}"
					return check_access_token_expire_dt
				else
					check_access_token_expire_dt = "access_token-#{token_details.access_token}"
					return check_access_token_expire_dt
				end
			else
				check_access_token_expire_dt = "new_token-req_new_token"
				return check_access_token_expire_dt
			end
		end
	else
		check_access_token_expire_dt = "new_token-req_new_token"
		return check_access_token_expire_dt
	end
end

Insert access_token details in DB

	def insert_access_token(user,access_token,refresh_access_token,access_token_dt)
	@box_access_token = BoxApiAccessToken.new(
			:user => user,
			:access_token => access_token,
			:refresh_access_token => refresh_access_token,
			:access_token_dt => access_token_dt)

			#Save User Device Data
			@box_access_token.save
end

# Update access_token,refresh_access_token,access_token_dt details in DB
	def updt_access_token(user,access_token, refresh_access_token,new_refresh_access_token,access_token_dt)
	#@box_access_token_updt = BoxApiAccessToken.find_refresh_access_token(refresh_access_token)
	@box_access_token_updt = BoxApiAccessToken.find_by_refresh_access_token(refresh_access_token)
	attributes = {:access_token => access_token,:access_token_dt => access_token_dt, :refresh_access_token => new_refresh_access_token, :updated_at => access_token_dt}
	#Update the object
	@box_access_token_updt.update_attributes(attributes)
end

In model,

class BoxApiAccessToken < ActiveRecord::Base
	scope :getaccesstokentime, lambda { 
select("id,access_token,refresh_access_token,substring(cast(access_token_dt as varchar),0,17) as access_token_dt,substring(cast(access_token_dt + interval '60 minute' as varchar),0,17) as new_access_token_dt ").order(:id => "desc").limit(1)
	}   
end

In index.html.erb file

<%= form_tag(:controller => "box_api", :action => 'make_request') do |f| %>
<div class="form-group"><%= submit_tag("Box Login", class: "btn btn-primary") %></div><% end %>

Here is my migration file

class CreateBoxApiAccessTokens < ActiveRecord::Migration
	def change
		create_table :box_api_access_tokens do |t|
			t.string :user, :limit => 100, :null => false
			t.string :access_token, :limit => 500
			t.string :refresh_access_token, :limit => 500
			t.datetime :access_token_dt, :limit => 50
			t.datetime :created_at, :null => false
			t.string :created_by, :limit => 50
			t.datetime :updated_at
			t.string :updated_by, :limit => 50
			t.boolean :del_flag, :default => false		
			end
		execute 'alter table box_api_access_tokens alter column created_at set default now()'
	end
end

Please note that,
Using the Access and Refresh Tokens
The access_token is the actual string needed to make API requests.Each access_token is valid for 1 hour.In order to get a new, valid token, you can use the accompanying refresh_token.Each refresh_token is valid for one use in 60 days.Every time you get a new access_token by using a refresh_token,
we reset your timer for the 60 day period and hand you a new refresh_token.
This means that as long as your users use your application once every 60 days, their login is valid forever.

For more details, please refer BOX API document.

Enjoy Coding.

Thanks & Best Regards,
Alok Rawat

5
4
1

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
5
4

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?