Can't get access token via JWT for custom app (integration server to server)
Hi,
I'm trying to obtain an access token using the JWT credentials grant. I tested a lot of scenarios, but all ended with different HTTP 400 errors. I'm sending the JWT data according to the specification "JWT without SDK" and it also ends up with an HTTP 400 error. I tested various options, and sometimes I got more meaningful error messages, like "Please check the 'sub' claim. The 'sub' specified is invalid." Those types of errors I was able to fix. But I have no idea why I'm getting the error response "The client credentials are invalid" when all seems to be OK according to the JWT without SDK guide.
I also attempted to log on as the service account "user", but it failed. See the result below. Based on all of this I believe I'm sending the right JWT token content, but I only get an error response. Can you help with this issue?
Thanks,
Andrzej
HTTP status: 400
Error code : badrequest
Response :{"error":"invalid_client","error_description":"The client credentials are invalid"}
The request is posted to the endpoint https://api.box.com/oauth2/token and it looks like this:
JWT TOKEN
grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=[ header.payload.signature here ] &client_id=we7so1r05na94npuz7l6lhjo5oj9nk5u&client_secret[value from config.json file here]
The decoded assertion part of the JWT data looks like this:
{
typ: "JWT",
alg: "RS512",
kid: "y63fp--------- part of value removed] "
}.
{
iss: "we7so1r05na94npuz7l6lhjo5oj--------- part of removed] ",
sub: "810013",
box_sub_type: "enterprise",
aud: "https://api.box.com/oauth2/token",
jti: "JWT-Worday-1691057022067",
exp: 1691057077
}.
[signature]
I successfully checked the following:
- Decoding the JWT token - it was OK.
- Decrypting the private key via code and comparing the info with the openssl-decoded key - it was OK.
- Trying to use the node.js SDK to generate a token - OK - the token content looks similar.
Other attempts
I also experimented with logging in as "user" by providing different values for the "iss" and "box_sub_type" fields.
The results were:
In the JWT token, I set the "iss" field to the value of the "service account name"
In the JWT token, I set the "sub" field to the value of "user"
Error code : badrequest
Response :{"error":"invalid_grant","error_description":"Please check the 'iss' claim. The client id specified is invalid."}
In the JWT token, I set the "iss" field to the value of the OAuth 2.0 client ID
In the JWT token, I set the "sub" field to the value of "user"
Response :{"error":"invalid_grant","error_description":"Please check the 'sub' claim. The 'sub' specified is invalid."}
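A request like the one described in this post can be checked locally before it is sent. The sketch below is an added example, not code from the original post or from Box's SDK: it signs an assertion with the claims shown above and runs a pre-flight check over the form-encoded body. Assumptions: the function names, the placeholder credentials, the throwaway key pair, and the 60-second `exp` window are all chosen for illustration.

```javascript
const crypto = require('crypto');

const TOKEN_URL = 'https://api.box.com/oauth2/token';
const GRANT = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
const ALGS = { RS256: 'RSA-SHA256', RS384: 'RSA-SHA384', RS512: 'RSA-SHA512' };
const b64u = (v) => Buffer.from(v).toString('base64url');

// Build header.payload.signature from a claims object (hypothetical helper).
function signAssertion(claims, kid, privateKey, alg = 'RS512') {
  const input = b64u(JSON.stringify({ typ: 'JWT', alg, kid })) + '.' + b64u(JSON.stringify(claims));
  return input + '.' + crypto.sign(ALGS[alg], Buffer.from(input), privateKey).toString('base64url');
}

// Check a form-encoded token request offline; returns the list of problems found.
function preflight(body, publicKey, now = Math.floor(Date.now() / 1000), maxLife = 60) {
  const form = new URLSearchParams(body);
  const problems = [];
  if (form.get('grant_type') !== GRANT) problems.push('grant_type');
  for (const p of ['client_id', 'client_secret', 'assertion'])
    if (!form.get(p)) problems.push(`missing ${p}`);
  const parts = (form.get('assertion') || '').split('.');
  if (parts.length !== 3) return problems.concat('assertion is not header.payload.signature');
  let header, claims;
  try {
    [header, claims] = parts.slice(0, 2).map((p) => JSON.parse(Buffer.from(p, 'base64url').toString()));
  } catch { return problems.concat('assertion does not decode to JSON'); }
  const sig = Buffer.from(parts[2], 'base64url');
  if (!ALGS[header.alg]) problems.push('unsupported alg');
  else if (!crypto.verify(ALGS[header.alg], Buffer.from(parts[0] + '.' + parts[1]), publicKey, sig))
    problems.push('signature does not verify');
  if (claims.iss !== form.get('client_id')) problems.push('iss differs from client_id');
  if (claims.aud !== TOKEN_URL) problems.push('aud');
  if (!(claims.exp > now && claims.exp <= now + maxLife)) problems.push('exp'); // window is an assumption
  return problems;
}

// Constructed sample: throwaway key pair and placeholder credentials, not real Box values.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const now = 1691057022;
  const claims = { iss: 'CLIENT_ID_PLACEHOLDER', sub: '810013', box_sub_type: 'enterprise',
    aud: TOKEN_URL, jti: 'constructed-jti-0001', exp: now + 55 };
  const assertion = signAssertion(claims, 'KID_PLACEHOLDER', privateKey);
  const good = new URLSearchParams({ grant_type: GRANT, assertion,
    client_id: 'CLIENT_ID_PLACEHOLDER', client_secret: 'SECRET_PLACEHOLDER' }).toString();
  return { publicKey, now, good, bad: good.replace('client_secret=', 'client_secret') };
}
```

`preflight` only reports local inconsistencies in the request body and assertion; it cannot tell whether the server accepts the client secret or has the matching public key registered.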