.pem file
When working with BoxCLI or the Node SDK, the examples reference a file path to a .pem file. How do I create a .pem file, and have it work with the box app?
-
Hi Ian
Assuming your question is in the context of authentication of an app, it probably refers to the JWT server side authentication.
In essence when you configure a server side JWT authenticated app, you need a private/public key pair, and you send the public key to your box app configuration. These are then used to exchange encrypted information related with authentication between the platform and your app.
Let me illustrate with some screen shots of an app configured to use JWT authentication:
If you scroll down, you'll see the section to manage the public keys:
From here you have a couple of options:
- Generate your own (manually) public/private key pair, or if you already have a private key, generate just the public one, and then upload the public key to your app via the "add public key" button.
- Or click the "Generate a Public/Private key pair" button and have it done for you.
To manually generate a public/private key pair follow this guide.
If you select the second option, Box will trigger the download of a JSON file, with all the configurations you need for the CLI or any of the SDKs. This JSON includes your private key, so keep it safe. Once this is done there is no way you can get your private key again.
For example on my Box CLI:
```
❯ box configure:environments:get -c
Client ID:
Enterprise ID: '87...855'
Box Config File Path: /Users/rbarbosa/Documents/box-cli/jwt.config.json
Has Inline Private Key: true
Private Key Path: null
Name: JWT
Default As-User ID: null
Use Default As-User: false
Cache Tokens: true
```
For example using the Python SDK:
```python
from boxsdk import Client, JWTAuth

def box_client_get(jwt_config_file_path: str) -> Client:
    """get a box client"""
    auth = JWTAuth.from_settings_file(jwt_config_file_path)
    return Client(auth)
```
You can also pass all the parameters for the JWTAuth manually, instead of a file, for example:
```python
from boxsdk import Client, JWTAuth

# Config (settings object) and jwt_store_token (token-storage callback)
# are defined elsewhere in the application.
def jwt_test_manual():
    auth = JWTAuth(
        client_id=Config.JWT_CLIENT_ID,
        client_secret=Config.JWT_CLIENT_SECRET,
        enterprise_id=Config.JWT_ENTERPRISE_ID,
        jwt_key_id=Config.JWT_PUBLIC_KEY_ID,
        rsa_private_key_file_sys_path=Config.private_key_path,  # your private key .pem
        rsa_private_key_passphrase=Config.JWT_PASSPHRASE,
        store_tokens=jwt_store_token,
    )
    access_token = auth.authenticate_instance()
    client = Client(auth)
    service_account = client.user().get()
    print(f'Service Account user ID is {service_account.id}')
    print(f'Access token: {access_token}')
```
To learn more about using JWT Auth in box follow this guide.
Let us know if this helped.
Best regards
-
So what you're saying is that in the documentation example below where it refers to a `'CERT.PEM'` file, it just needs the config file path?
```python
ned_auth = JWTAuth(
    client_id='YOUR_CLIENT_ID',
    client_secret='YOUR_CLIENT_SECRET',
    user=ned_stark_user,
    jwt_key_id='YOUR_JWT_KEY_ID',
    rsa_private_key_file_sys_path='CERT.PEM',
    rsa_private_key_passphrase='PASSPHRASE'
)
ned_auth.authenticate_user()
ned_client = Client(ned_auth)
```
-
Hi Ian,
So in your example the rsa_private_key_file_sys_path points to your manually generated private key.
```python
rsa_private_key_file_sys_path='path/to/private/key/CERT.PEM'
```
The same example shows the instantiating of a JWTAuth object passing each parameter individually.
The other option that I was mentioning is to create/download the config.json file which has all these parameters and then instantiate the JWTAuth using the config file:
```python
auth = JWTAuth.from_settings_file('path/to/jwt_config_file')
```
The config JSON file looks like this:
```json
{
  "boxAppSettings": {
    "clientID": "...",
    "clientSecret": "...",
    "appAuth": {
      "publicKeyID": "...",
      "privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n...=\n-----END ENCRYPTED PRIVATE KEY-----\n",
      "passphrase": "..."
    }
  },
  "enterpriseID": "..."
}
```
So use one or the other.
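
Added example (not part of the original thread and not Box's own code): the config JSON and the individual JWTAuth parameters carry the same values, so this sketch writes the inline `privateKey` out as a .pem file readable only by its owner and returns the matching keyword arguments. The function name, file names and sample values are assumptions, and the sample key is a constructed placeholder, not a usable key.

```python
import json
import os
import tempfile


def jwt_kwargs_from_config(config_path, pem_path):
    """Write the config's inline private key to pem_path; return JWTAuth kwargs."""
    with open(config_path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    try:
        app = cfg["boxAppSettings"]
        app_auth = app["appAuth"]
        pem = app_auth["privateKey"].strip()
        kwargs = {
            "client_id": app["clientID"],
            "client_secret": app["clientSecret"],
            "enterprise_id": cfg["enterpriseID"],
            "jwt_key_id": app_auth["publicKeyID"],
            "rsa_private_key_file_sys_path": pem_path,
            "rsa_private_key_passphrase": app_auth["passphrase"],
        }
    except KeyError as missing:
        raise ValueError(f"config is missing field {missing}") from None
    lines = pem.splitlines() or [""]
    if not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("PRIVATE KEY-----")
            and lines[-1].startswith("-----END ")):
        raise ValueError("privateKey is not a PEM private key")
    # O_EXCL refuses to overwrite an existing key; 0o600 is owner read/write only.
    fd = os.open(pem_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="ascii") as out:
        out.write(pem + "\n")
    return kwargs


def demo():
    # Constructed sample config with placeholder values (no real key material).
    key = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END ENCRYPTED PRIVATE KEY-----\n"
    sample = {"boxAppSettings": {"clientID": "example-client-id", "clientSecret": "example-secret",
              "appAuth": {"publicKeyID": "abcd1234", "privateKey": key, "passphrase": "example-pass"}},
              "enterpriseID": "0000000"}
    with tempfile.TemporaryDirectory() as tmp:
        cfg_path, pem_path = (os.path.join(tmp, n) for n in ("jwt.config.json", "private_key.pem"))
        with open(cfg_path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        kwargs = jwt_kwargs_from_config(cfg_path, pem_path)
        mode = os.stat(pem_path).st_mode & 0o777
        with open(pem_path, encoding="ascii") as fh:
            return kwargs, mode, fh.read()
```

The returned dictionary can be passed as `JWTAuth(**kwargs)`; once the key lives in its own file, the copy inside the JSON is a second secret to protect or remove.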