
# Select Auth Method

export const SignupCTA = ({children}) => {
  return <div className="flex flex-wrap items-center gap-4 p-5 rounded-lg border border-gray-200 dark:border-gray-700 my-6" style={{
    background: "linear-gradient(135deg, rgba(0, 97, 213, 0.06), rgba(0, 97, 213, 0.02))"
  }}>
      <div className="flex-1 text-sm leading-relaxed text-gray-700 dark:text-gray-300" style={{
    minWidth: "280px"
  }}>
        {children}
      </div>
      <div className="flex flex-col items-center gap-2">
        <a href="https://account.box.com/signup/developer#ty9l3" className="signup-cta-button inline-flex items-center whitespace-nowrap px-5 py-2 text-sm font-semibold text-white no-underline">
          Get started for free
        </a>
        <a href="https://account.box.com/developers/console" className="signup-cta-login text-xs text-gray-500 dark:text-gray-400 no-underline whitespace-nowrap">
          Already have an account? Log in
        </a>
      </div>
    </div>;
};

export const Link = ({href, children, className, ...props}) => {
  const localizedHref = localizeLink(href);
  return <a href={localizedHref} className={className} {...props}>
      {children}
    </a>;
};

The type of authorization your application can use depends on the specific use case.

<Card href={localizeLink("/guides/applications/platform-apps/create")} arrow title="Learn how to create a Platform App" />

Depending on the authentication method you choose, you need to specify further details.

| Authentication Method        | Details                                                                              |
| ---------------------------- | ------------------------------------------------------------------------------------ |
| **OAuth 2.0**                | Specify the client ID and client secret.                                             |
| **JWT**                      | Add a public key or generate a public/private key pair. Choose the app access level. |
| **Client Credentials Grant** | Specify the client ID and client secret. Choose the app access level.                |

See <Link href="/guides/applications/platform-apps/create">Create a Platform App</Link> for details.

## Client-side

### OAuth 2.0

OAuth 2.0 requires the application to redirect end-users to their browser to
log in to Box and authorize the application to take actions on their
behalf.

<Frame center width="400" shadow border>
  <img src="https://mintcdn.com/box/J_EwM_J-GUl8Mc67/guides/authentication/oauth2-grant.png?fit=max&auto=format&n=J_EwM_J-GUl8Mc67&q=85&s=f23fd814eed5fd3fd4e468e39d95c93f" alt="Box OAuth 2.0 approval" width="796" height="890" data-path="guides/authentication/oauth2-grant.png" />
</Frame>

<Info>
  **When to use OAuth 2.0?**

  Client-side authentication is the ideal authentication method for apps that:

  * work with users who have existing Box accounts
  * use Box for identity management, so users know they are using Box
  * store data within each user account vs. within an application's Service Account
</Info>

<Card href={localizeLink("/guides/authentication/oauth2")} arrow title="Learn about client-side authentication with OAuth 2.0" />

## Server-side

### JWT

Server-side authentication using JSON Web Tokens (JWT) does not require end-user
interaction and, if granted the proper privileges, can be used to act on behalf
of any user in an enterprise. Identity is validated using a JWT assertion and a
public/private key pair.

<Frame center shadow border>
  <img src="https://mintcdn.com/box/J_EwM_J-GUl8Mc67/guides/authentication/jwt-flow.png?fit=max&auto=format&n=J_EwM_J-GUl8Mc67&q=85&s=400d37f399fdf209a49d907462148d32" alt="Box JWT flow" width="1920" height="1080" data-path="guides/authentication/jwt-flow.png" />
</Frame>

<Info>
  **When to use JWT?**

  Server-side authentication with JWT is the ideal authentication method for apps
  that:

  * work with users without Box accounts
  * use their own identity system
  * do not want users to know they are using Box
  * store data within the application's Service Account and not a user's account
</Info>

<Card href={localizeLink("/guides/authentication/jwt")} arrow title="Learn about server-side authentication with JWT" />
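
The JWT assertion and key pair described above, shown as an added example that is not taken from Box's documentation or SDKs. The claim names and token URL follow Box's JWT guide and are assumptions relative to this page; the IDs, key pairs and the `verifyAssertion` helper are constructed for illustration.

```javascript
// Added example: IDs and keys below are constructed placeholders, not real credentials.
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");

// Sign an RS256 assertion with the app's private key. Claim names are an
// assumption taken from Box's JWT guide; this page does not list them.
function buildAssertion({ clientId, enterpriseId, publicKeyId, privateKey }) {
  const header = { alg: "RS256", typ: "JWT", kid: publicKeyId };
  const claims = {
    iss: clientId,                               // the application's client ID
    sub: enterpriseId,                           // token defaults to the Service Account
    box_sub_type: "enterprise",
    aud: "https://api.box.com/oauth2/token",
    jti: crypto.randomBytes(16).toString("hex"), // unique per assertion, limits replay
    exp: Math.floor(Date.now() / 1000) + 45,     // short-lived on purpose
  };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey);
  return `${input}.${b64url(sig)}`;
}

// Simplified stand-in for the receiving side: pin the algorithm, check the
// signature against the public key registered for the app, then check expiry.
function verifyAssertion(jwt, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = jwt.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString());
  if (header.alg !== "RS256") return { ok: false, reason: "unexpected alg" };
  const good = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, "base64url"));
  if (!good) return { ok: false, reason: "bad signature" };
  const claims = JSON.parse(Buffer.from(p, "base64url").toString());
  if (claims.exp <= now) return { ok: false, reason: "expired" };
  return { ok: true, claims };
}

// Constructed key pairs: one registered with the app, one unrelated.
const appKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const otherKeys = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const assertion = buildAssertion({
  clientId: "EXAMPLE_CLIENT_ID", enterpriseId: "EXAMPLE_ENTERPRISE_ID",
  publicKeyId: "EXAMPLE_KEY_ID", privateKey: appKeys.privateKey,
});
console.log(verifyAssertion(assertion, appKeys.publicKey).ok);       // registered key
console.log(verifyAssertion(assertion, otherKeys.publicKey).reason); // unrelated key
```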

### Client Credentials Grant

Server-side authentication using Client Credentials Grant does not require
end-user interaction and, if granted the proper privileges, can be used to act
on behalf of any user in an enterprise. Identity is validated using the
application's client ID and client secret.

<Info>
  **When to use a Client Credentials Grant?**

  Server-side authentication with Client Credentials Grant is the ideal
  authentication method for apps that:

  * work with users without Box accounts
  * use their own identity management system
  * do not want users to know they are using Box
  * store data within the application's Service Account and not a user's account
</Info>

<Card href={localizeLink("/guides/authentication/client-credentials")} arrow title="Learn about server-side authentication with Client Credentials Grant" />

## Comparison

The following is a quick overview of the key differences between client-side and
server-side authentication.

|                                   | OAuth 2.0 | JWT | Client Credentials |
| --------------------------------- | --------- | --- | ------------------ |
| Requires user involvement?        | Yes       | No  | No                 |
| Requires admin approval?          | No        | Yes | Yes                |
| Can act on behalf of other users? | Yes       | Yes | Yes                |
| Do users see Box?                 | Yes       | No  | No                 |
| Can create App Users?             | No        | Yes | Yes                |

<Note>
  Apps created with a free developer account are authorized automatically. In that environment, JWT and Client Credentials Grant apps don't require a separate admin approval step before use. <Link href="/guides/authorization/platform-app-approval">Platform App Approval</Link> provides more details on authorization.
</Note>

<Info>
  An Access Token is tied to a specific Box user and the way the token has been
  obtained determines who that user is.

  For example, when using client-side authentication the token represents the
  user who granted access to their account, while when using server-side
  authentication the token defaults to the application's Service Account.
</Info>

