Welcome to the new Box Support website. Check out all the details here on what’s changed.

Getting Error on /oauth2/token when asserting JWTs: current date time must be before expiration date

New post

Comments

2 comments

  • Murtza

    Thanks for sharing this !

    0
    Comment actions Permalink
  • moeckelb

    Could you please show a little more example code to log in with the jwt?

    I'm stuck trying this both ways, with a http-request and with the node-sdk.

    My attempts look like the following:

     

     

     

    var jwt = require('jsonwebtoken');
    var fs = require('fs');
    var base64url = require("base64url");
    var request = require('request');
    var client_id = ...
    var client_secret = ...
    // request.debug = true;
    var key = fs.readFileSync('private_key.pem');
    var passphrase = ...

    var exp = Math.round((Date.now()/1000))+60;

    var header = {
    "alg": "RS256",
    "typ": "JWT",
    "kid": keyID
    };
    var claims = {
    "iss": client_id,
    "sub": "removed for privacy",
    "box_sub_type": "user",
    "aud": "https://api.box.com/oauth2/token",
    "jti": "removed for privacy10111213141517",
    "exp": exp
    };

    var encodedHeader = base64url(new Buffer(JSON.stringify(header)));
    var payload = base64url(new Buffer(JSON.stringify(claims)));

    var signature = jwt.sign(encodedHeader + '.' + payload, {key: key, passphrase: passphrase}, {algorithm: 'RS256'});
    var encodedsignature = base64url(new Buffer(JSON.stringify(signature)));
    var jwt = encodedHeader + "." + payload + "." + encodedsignature; //hier befindet sich wahrscheinlich Fehler
    console.log(jwt);


    var options = {
    uri: 'https://api.box.com/oauth2/token',
    method: 'POST',
    json: true,
    headers: {'content-type': 'application/x-www-form-urlencoded'},
    // body: 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&client_id=' + client_id + '&client_secret=' + client_secret + '&assertion=' + jwt
    body: 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&client_id=' + client_id + '&client_secret=' + client_secret + '&assertion=' + jwt

    }; 

    returns:
    { error: 'invalid_grant',
    error_description: 'OpenSSL unable to verify data: error:0906D06C:PEM routines:PEM_read_bio:no start line' }



    var
    jwt = require('jsonwebtoken');
    var fs = require('fs');
    var base64url = require("base64url");
    var BoxSDK = require('box-node-sdk');
    var request = require('request');
    var client_id = ...
    var client_secret = ...
    // request.debug = true;
    var key = fs.readFileSync('private_key.pem'); //converted to windows @ notepad, neccessary??
    var keyID = ...
    var passphrase = ...

    var sdk = new BoxSDK({
    clientID: client_id,
    clientSecret: client_secret,
    appAuth: {
    keyID: keyID,
    privateKey: key,
    passphrase: passphrase
    }
    });

    // Get the enterprise client, used to create and manage app user accounts
    var client = sdk.getAppAuthClient('testEnterprise', '5069122');


    client.folders.getItems('0', {fields: 'id,name'}, function (err, data) {
    console.log(err);
    });

    //returning [Error: Expired Auth: Auth code or refresh token has expired.]
    statusCode: 400] and body:
    { error: 'invalid_grant',
    error_description: 'Please check the \'box_sub_type\' claim.' } },
    authExpired: true }






     It would be really great if you could provide any advise to solve this problem.

    0
    Comment actions Permalink

Please sign in to leave a comment.