OAuth2 with JWT

Answered

Follow

New post

Chrisre

• March 21, 2018 11:12

Following Tutorial for OAuth2 authentication with JWT returns the following error.

 

{
   "error": "invalid_request",
   "error_description": "Invalid grant_type parameter or parameter missing"
}

 

I am using the following format for my request.

 

https://api.box.com/oauth2/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&assertion=YOUR_JWT_ASSERTION

 

I am using SoapUI to send the request with the POST method.

 

The grant type parameter I am using is what is specified in the documentation (urn:ietf:params:oauth:grant-type:jwt-bearer).

 

Any help would be appreciated.

0

• 

  mwiller

  • March 21, 2018 18:29

   This might be a misunderstanding on my part, but it looks from your example like you're passing the parameters (e.g. client_id and assertion) as query parameters in the URL — these are meant to be passed in the POST body.  Can you check to make sure you're passing them in the correct place?

  0

  Comment actions Permalink
• 

  Chrisre

  • March 22, 2018 09:03

  Yes, you are right. I was putting the parameters in the wrong place. When I added the parameters to body it worked. I am getting a different error now, about my private key not matching the public key. But at least the request seems to be working now. Thanks!
  

  0

  Comment actions Permalink
• 

  _bigtom

  • March 24, 2018 02:52

  For the mismatched key error, I had that initially when I did not first decrypt the private key provided by box.

   

  Once I got past that error, I had another one that is that the signature was signed with a different key than the private key on file. Not true but I did get the error.

  0

  Comment actions Permalink

Please sign in to leave a comment.