Generate a User Access Token with cURL/PHP




  • Jason

    Hi , glad to hear those code examples were helpful! I believe  wrote those and I think he'd be happy to hear that 🙂

    Your understanding is perfectly in line with how we see customers utilize Box when:

    - No user authorization is desired

    - You want a custom UI interface (so you're using the UI elements)


    For your step 3, that's actually just a repeat of step 1. When you authenticate with JWT in step 1, the PHP snippet looks something like this:

    $claims = [
      'iss' => $config->boxAppSettings->clientID,
      'sub' => $config->enterpriseID,
      'box_sub_type' => 'enterprise',
      'aud' => $authenticationUrl,
      // This is an identifier that helps protect against
      // replay attacks
      'jti' => base64_encode(random_bytes(64)),
      // We give the assertion a lifetime of 45 seconds
      // before it expires
      'exp' => time() + 45,
      'kid' => $config->boxAppSettings->appAuth->publicKeyID
    ];

    This gives an access token for the service account, which is created when the app is authorized in the admin console.


    To generate a user access token, replace "sub" with the integer user ID and the sub_type with the string "user". With your new claims, you should be able to make the same API call from step 1 with your slightly different JWT assertion, and get back an access token for a user.


    Does that make sense? It sounds like you are 99% of the way there. Let me know if there's anything I can clarify on that.




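The two assertions described in the reply above, built side by side, as an added example that is not part of the original thread or of Box's sample code. The helper names, the placeholder IDs, the throwaway RSA key, the hand-rolled RS256 signing and the `aud` URL are assumptions made so the script runs offline.

```php
<?php
// Added example: placeholder IDs and a throwaway key, all constructed.

function b64url(string $bytes): string {
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Claims from the post. Only 'sub' and 'box_sub_type' change between the
// service-account (enterprise) assertion and a user assertion.
function boxClaims(string $clientId, string $keyId, string $aud, string $subType, $subject): array {
    if (!in_array($subType, ['enterprise', 'user'], true)) {
        throw new InvalidArgumentException('box_sub_type must be "enterprise" or "user"');
    }
    return [
        'iss' => $clientId,
        'sub' => $subject,
        'box_sub_type' => $subType,
        'aud' => $aud,
        'jti' => base64_encode(random_bytes(64)), // fresh per assertion (replay protection)
        'exp' => time() + 45,                     // 45-second lifetime, as in the post
        'kid' => $keyId,
    ];
}

// Sign the claims as a compact RS256 JWT (hand-rolled here instead of a JWT library).
function signAssertion(array $claims, $privateKey): string {
    $header = ['alg' => 'RS256', 'typ' => 'JWT'];
    $input = b64url(json_encode($header)) . '.' . b64url(json_encode($claims));
    if (!openssl_sign($input, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('openssl_sign failed');
    }
    return $input . '.' . b64url($signature);
}

$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$aud = 'https://api.box.com/oauth2/token'; // assumed value of $authenticationUrl
foreach ([['enterprise', 'ENTERPRISE_ID_PLACEHOLDER'], ['user', 12345]] as [$type, $id]) {
    $jwt = signAssertion(boxClaims('CLIENT_ID_PLACEHOLDER', 'KEY_ID_PLACEHOLDER', $aud, $type, $id), $key);
    $claims = json_decode(base64_decode(strtr(explode('.', $jwt)[1], '-_', '+/')), true);
    printf("%-10s sub=%s exp in %ds\n", $claims['box_sub_type'], $claims['sub'], $claims['exp'] - time());
}
```

Each assertion is single-use: build a new one, with a new `jti` and `exp`, for every token request rather than caching and resending it.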
  • DiogoAbdalla

    Yes it does!


    Thank you a lot, I think I can make this work now

  • DiogoAbdalla

    Edit: never mind, I was being dumb (there was a typo)

  • DiogoAbdalla

    Hi again, folks, I'm in need of some more help. I hope it's OK to use this same thread. If it isn't, I can start a new one.


    Anyway, I've followed the docs and Jason's tips above and managed to get it working 100% on my local server.


    Then I uploaded it to our test server and it's not working there: I get an error trying to get the service user access token:

    error: invalid_grant


    Please check the 'exp' claim. The 'exp' value exceeds the maximum value of (truncated...)


    I've searched here and it's supposed to be related to server time. But the server clock is correct, is using NTP, and it's the same as my local machine.


    What else could it be?

  • rajasegar

    Hi, can you please help me get my user access token using the JWT SDK?

    I used the code below but it shows some error...

    Where do we get jwt_key_id, cert.pem?

    While running the code I got the error "user() missing 1 required positional argument: 'self'"


    user = client.user(user_id='12345')
    auth = JWTAuth(
    user_client = Client(auth


