Today, we (me + 3 gals from Hackbright) planned our app for the Box Hackathon. The rules allow participants to prepare and do limited coding in advance. After our initial discussions, I realized we would have two main areas of concern: (1) data model; and (2) working with the Box API.
One of my teammates had outlined an MVP in a Google doc. I had added a preliminary data model with no relationships, but several tables to help the team think about what data we would collect and how to organize it. Since I have never used online data modeling software, I looked at a few different options and decided to use draw.io. While I miss the ease of using a whiteboard, snapping pictures of a whiteboard in order to share it later has a high annoyance factor. Using draw.io, I was able to drag, drop, redo, undo, delete and ultimately share the model (along with a link) in the Google doc.
During our two-hour Google hangout, we also agreed that everyone would read up on building a Box Integration versus building on the Box Platform. Initially, we thought we needed to use the Box Platform. However, we also discussed that perhaps a Box Integration was better. No one was quite sure.
After the hangout ended, I reviewed the Box documentation in more depth. I determined that we needed to build on the Box Platform. We are going to have a Box enterprise account that stores all of the documents and users of our app are going to be allowed to log-in to our app and will have permission to see certain documents in our enterprise account.
So, I followed the “Build on Box Platform” directions, from the beginning. First, I had to configure an application in Box. The docs were clear and it went smoothly.
The next step, authentication with JSON web tokens (JWT), was more complex. Harkening back to the Hackbright lecture on cryptography, I had to generate an RSA keypair. I installed the OpenSSL toolkit and was able to generate public and private keys, and add the public key to the app configuration in Box. Then, I had to write a few scripts to deal with the private key on the backend. The virtual environment for this app has a ton of dependencies, and there is no app yet!
Next up was constructing the JWT assertion. After some searches on Google and in the Box Developer Forum, I was able to modify a script in the developer forum and obtain an encoded JWT assertion. Then, I needed to construct the OAuth2 request. I used OAuth2 with my Hackbright project, so I thought this would be similar. I was wrong. The directions were not clear, the developer docs were not helpful, and at midnight, I realized that I was better off going to sleep, and talking to my teammates or someone at Box about it tomorrow….