Welcome to the new Box Support website. Check out all the details here on what’s changed.

Undocumented error when requesting a token

Answered
New post

Comments

3 comments

  • bettaio

     my gut feeling is that the JWT header is lacking a value for "alg" but you seem to be setting one. Can you do a check and log the complete header before you encode the JWT? My guess is the header algorithm is empty.

     

    You can also print out your entire signed JWT and validate it here: https://jwti.io

    0
    Comment actions Permalink
  • barakbd1

    I checked in jwt.io.

    The header and payload decode fine, and the header shows:

    {
      "algorithm": "RS512",
      "keyid": "Public_Key_Id"
    }
    

    It is the signature that is failing, I am just not sure why.

    Am I signing as follows

    sha256_sign()
    {
      declare input=${1:-$(

     

    I am not concerned with the base64_encode function, since the JWT decodes fine.

    0
    Comment actions Permalink
  • barakbd1

    I think I found the error.

    I set the header key as algorithm in stead of alg.

    The reason I did this, is because this is the key in the box docs - https://developer.box.com/guides/authentication/jwt/without-sdk/

    I assume the SDKs convert to the correct key.

    0
    Comment actions Permalink

Please sign in to leave a comment.