Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Undocumented error when requesting a token

Answered
New post

Comments

3 comments

  • bettaio

     my gut feeling is that the JWT header is lacking a value for "alg" but you seem to be setting one. Can you do a check and log the complete header before you encode the JWT? My guess is the header algorithm is empty.

     

    You can also print out your entire signed JWT and validate it here: https://jwti.io

    0
    Comment actions Permalink
  • barakbd1

    I checked in jwt.io.

    The header and payload decode fine, and the header shows:

    {
      "algorithm": "RS512",
      "keyid": "Public_Key_Id"
    }
    

    It is the signature that is failing, I am just not sure why.

    Am I signing as follows

    sha256_sign()
    {
      declare input=${1:-$(

     

    I am not concerned with the base64_encode function, since the JWT decodes fine.

    0
    Comment actions Permalink
  • barakbd1

    I think I found the error.

    I set the header key as algorithm in stead of alg.

    The reason I did this, is because this is the key in the box docs - https://developer.box.com/guides/authentication/jwt/without-sdk/

    I assume the SDKs convert to the correct key.

    0
    Comment actions Permalink

Please sign in to leave a comment.