Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Box Status

Configure App Settings for JTW Authentication

Answered
Follow
New post
STX

Hello,

 

I'm currently trying to properly configure my app for use with the Node SDK in order to establish an App Auth Client. 

 

I've generated an RSA keypair through the Box Dev console and I have my credentials in a JSON file. 

The console notes that: "You can import this file into our SDKs to easily configure your app". However, I haven't found much documentation on the Node SDK to specifically do this.

 

The Node SDK has an example app I've been looking at. But in that the credentials (clientID, publciKey, etc.) are hard-coded in. Specfically for the privateKey, they advise you should put in the path to a .pem file. I'm not exactly sure how to generate the a .pem file for my private key (which again was only given to me through JSON). I'm aware I could use OpenSSL and such, but I'm not sure I want to go through those hoops. 

 

Does anyone have advice / best practices for how to set up App Auth using JWT on Node?

 

Thanks!

0

Comments

5 comments

Date Votes
  • kendomen

    This is new to me too and I haven't seen docs on it but here's what I tried and it seems to work...

     

    1.  npm install config

    2.  mkdir config in the working directory

    3.  I copied the generated config.json file to the config directory and renamed it to default.json

    and then I ran this code...

     

    var BoxSDK = require('box-node-sdk');
var config = require('config');

var sdk = new BoxSDK({
    clientID: config.get('boxAppSettings.clientID'),
    clientSecret: config.get('boxAppSettings.clientSecret'),
    appAuth: {
      keyID: config.get('boxAppSettings.appAuth.publicKeyID'),
      privateKey: config.get('boxAppSettings.appAuth.privateKey'),
      passphrase: config.get('boxAppSettings.appAuth.passphrase')
    }
});

var adminAPIClient = sdk.getAppAuthClient('enterprise', "******");

     

    0
    Comment actions Permalink
  • abbaslotia

    What format did you put the private key into your JSON file? (not trying to spoof, just looking for the format)

     

    e.g. If my private key file looks like this (with line breaks):

     

     

    -----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,1A1111A11A1A1A1AA11111AA11111A11

bUncH0fL3ttEr5and
Symb0lsW1thL1nE/
Break5+Aab1Dc1d3
-----END RSA PRIVATE KEY-----

     

    How do I type that into the value for the privateKey in my app settings json file? Do I need to retain line breaks (is that possible)?

    {
    "boxAppSettings": {
        "clientID": "something",
        "clientSecret": "secretsomething",
        "appAuth": {
            "publicKeyID": "12E4567B",
            "privateKey": "???",
            "passphrase": "password"
        }
    },
    "enterpriseID": "012345",
    "webhooks": {
        "primaryKey": "s0mePr1maryK3y"
    }
}
    0
    Comment actions Permalink
  • abbaslotia

    Solved my own question.

     

    1) I clicked the "Generate a Public/Private Keypair" button.

    2) The downloaded JSON file answered my formatting question.

    0
    Comment actions Permalink
  • benjamin1983

    What did you do with the string? i.e. What did you do to create the pem file, and did you use openssl (using your passphrase) to decrypt it for use in your app?

     

    I generated my own, then decrypted all on openssl, but I'd like to try with the auto generated key pair that Box provides.

     

    Thanks in advance!

    0
    Comment actions Permalink
  • davidswalkabout

    https://github.com/box/box-node-sdk#user-content-app-auth-client gives a similar example:

    var serviceAccountClient = sdk.getAppAuthClient('enterprise', 'APP_ENTERPRISE_ID');

    Where does one find one's 'APP_ENTERPRISE_ID' ? There is a "enterpriseID" property in the json file I pass into the Node SDK constructor; is that it?

    0
    Comment actions Permalink

Please sign in to leave a comment.