
Comments

4 comments

  • Rui Barbosa

    Hi Ian

    Assuming your question is in the context of authentication of an app, it probably refers to the JWT server side authentication.

    In essence, when you configure a server-side JWT authenticated app, you need a private/public key pair, and you send the public key to your Box app configuration. These are then used to exchange encrypted information related to authentication between the platform and your app.

    Let me illustrate with some screen shots of an app configured to use JWT authentication:

    If you scroll down, you'll see the section to manage the public keys:

     

    From here you have a couple of options:

    • Generate your own (manually) public/private key pair, or if you already have a private key, generate just the public one, and then upload the public key to your app via the "add public key" button.
    • Or click the "Generate a Public/Private key pair" button and have it done for you.

    To manually generate a public/private key pair follow this guide.

    If you select the second option, Box will trigger the download of a JSON file, with all the configurations you need for the CLI or any of the SDKs. This JSON includes your private key, so keep it safe. Once this is done there is no way you can get your private key again.

    For example on my Box CLI:

    ❯ box configure:environments:get -c
    Client ID:
    Enterprise ID: '87...855'
    Box Config File Path: /Users/rbarbosa/Documents/box-cli/jwt.config.json
    Has Inline Private Key: true
    Private Key Path: null
    Name: JWT
    Default As-User ID: null
    Use Default As-User: false
    Cache Tokens: true

    For example using the Python SDK:

    from boxsdk import Client, JWTAuth

    def box_client_get(jwt_config_file_path: str) -> Client:
        """get a box client"""
        # Reads client ID, secret, key ID, private key and passphrase from the JSON file
        auth = JWTAuth.from_settings_file(jwt_config_file_path)
        return Client(auth)

    You can also pass all the parameters for the JWTAuth manually, instead of a file, for example:

    # Config and jwt_store_token are defined elsewhere in the application
    def jwt_test_manual():
        auth = JWTAuth(
            client_id=Config.JWT_CLIENT_ID,
            client_secret=Config.JWT_CLIENT_SECRET,
            enterprise_id=Config.JWT_ENTERPRISE_ID,
            jwt_key_id=Config.JWT_PUBLIC_KEY_ID,
            rsa_private_key_file_sys_path=Config.private_key_path,  # your private key .pem
            rsa_private_key_passphrase=Config.JWT_PASSPHRASE,
            store_tokens=jwt_store_token,
        )
        access_token = auth.authenticate_instance()
        client = Client(auth)
        service_account = client.user().get()
        print(f'Service Account user ID is {service_account.id}')
        print(f'Access token: {access_token}')

    To learn more about using JWT Auth in Box follow this guide.

    Let us know if this helped.

    Best regards

  • ianhorn17

    So what you're saying is that in the documentation example below where it refers to a `'CERT.PEM'` file, it just needs the config file path?

    ned_auth = JWTAuth(
        client_id='YOUR_CLIENT_ID',
        client_secret='YOUR_CLIENT_SECRET',
        user=ned_stark_user,
        jwt_key_id='YOUR_JWT_KEY_ID',
        rsa_private_key_file_sys_path='CERT.PEM',
        rsa_private_key_passphrase='PASSPHRASE'
    )
    ned_auth.authenticate_user()
    ned_client = Client(ned_auth)

  • Rui Barbosa

    Hi Ian,

    So in your example, rsa_private_key_file_sys_path points to your manually generated private key.

    rsa_private_key_file_sys_path='path/to/private/key/CERT.PEM'

    The same example shows the instantiation of a JWTAuth object, passing each parameter individually.

    The other option that I was mentioning is to create/download the config.json file which has all these parameters and then instantiate the JWTAuth using the config file:

    auth = JWTAuth.from_settings_file('path/to/jwt_config_file')

    The config JSON file looks like this:

    {
      "boxAppSettings": {
        "clientID": "...",
        "clientSecret": "...",
        "appAuth": {
          "publicKeyID": "...",
          "privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n...=\n-----END ENCRYPTED PRIVATE KEY-----\n",
          "passphrase": "..."
        }
      },
      "enterpriseID": "..."
    }

    So use one or the other.

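An added example, not part of the original posts and not Box's code: because the downloaded config file carries both the encrypted private key and its passphrase, a pre-deployment check like the one below confirms that the file has the layout shown in the answer above, is accessible only to its owner, and holds a key with the `ENCRYPTED PRIVATE KEY` header. The function names and the sample values are assumptions made for illustration, and the permission check is POSIX-only.

```python
import json
import os
import stat
import tempfile

# Key paths follow the config layout shown in the thread.
REQUIRED = ("boxAppSettings.clientID", "boxAppSettings.clientSecret",
            "boxAppSettings.appAuth.publicKeyID", "boxAppSettings.appAuth.privateKey",
            "boxAppSettings.appAuth.passphrase", "enterpriseID")
ENCRYPTED_HEADER = "-----BEGIN ENCRYPTED PRIVATE KEY-----"


def _lookup(doc, dotted):
    """Walk nested dicts; return None if any level is missing or not a dict."""
    for key in dotted.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc


def audit_box_jwt_config(path):
    """Return findings for a Box JWT config file (empty list means clean)."""
    findings = []
    # The file holds the private key AND its passphrase, so the file is the secret.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"permissions {mode:03o}: accessible beyond owner, use 600")
    with open(path, encoding="utf-8") as fh:
        doc = json.load(fh)  # raises ValueError on malformed JSON
    for dotted in REQUIRED:
        if not _lookup(doc, dotted):
            findings.append("missing or empty: " + dotted)
    key = _lookup(doc, "boxAppSettings.appAuth.privateKey")
    if isinstance(key, str) and not key.lstrip().startswith(ENCRYPTED_HEADER):
        findings.append("privateKey lacks the ENCRYPTED PRIVATE KEY header")
    return findings


def write_sample(mode, header=ENCRYPTED_HEADER):
    """Write a constructed config (placeholder values, not real credentials)."""
    app_auth = {"publicKeyID": "kid", "privateKey": header + "\nAAAA\n", "passphrase": "pw"}
    doc = {"boxAppSettings": {"clientID": "id", "clientSecret": "s", "appAuth": app_auth},
           "enterpriseID": "0"}
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(doc, fh)
    os.chmod(path, mode)
    return path
```

Run `audit_box_jwt_config` against the real config path before handing it to `JWTAuth.from_settings_file`; any returned finding is a reason to stop and fix the file first.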
  • ianhorn17

    Thank you for your assistance. I was just thrown for a loop. I understand.
