RSA-SHA256 JWT Box Integration

Follow

New post

vinodtiwari10

• July 14, 2017 06:38

I'm using Box.com for my application. For that I am creating JWT assertion by JavaScript and for that we need 3 parts:

.,.

I have written JavaScript code for SHA256 to generate JWT based on JWT.io, while I am unable to do for RSA-SHA256. Actually i am able to generate header, Payload but unable to generate signature part in RSA-SHA256
So as per Box document, they've given the steps to create HEADER and CLAIMS, but not about how to create SIGNATURE. I've also browsed in external sources, all sources have been made with HS256 algorithms. But Box.com API supports only “RS256″, “RS384″, and “RS512″ algorithms.

So my question here is, how to create SIGNATURE part with RS256 algorithms. Any help would be appreciated.

 

 

0

• 

  Murtza

  • July 17, 2017 13:54

   I am not sure if this will help, but here is how our Noke SDK generates a token using JWT authentication.

  0

  Comment actions Permalink
• 

  vinodtiwari10

  • July 18, 2017 05:29

  Thanks for sharing document but that is not working at our end for RSA-SHA256, 
  and I need 1 source code of any either JavaScript or NodeJS because 
  my system is not accepting any reference call like: Module, require is not defined:
  
  var jwt = require('jsonwebtoken');
  var fs = require('fs');
  var base64url = require("base64url");
  var request = require('request');
  var client_id = 123
  var client_secret = 123
  var key = fs.readFileSync('23er444'); 
  var passphrase = 3444
  var exp = Math.round((Date.now()/1000))+60;
  
  var header = {
  "alg": "RS256",
  "typ": "JWT",
  "kid": keyID
   };
  var claims = {
  "iss": client_id,
  "sub": "sss",
  "box_sub_type": "user",
  "aud": "https://api.box.com/oauth2/token",
  "jti": "ddsss",
  "exp": exp
    };
  
    var encodedHeader = base64url(new Buffer(JSON.stringify(header)));
    var payload = base64url(new Buffer(JSON.stringify(claims)));
  
    var signature = jwt.sign(encodedHeader + '.' + payload, {key: key, 
    passphrase: passphrase}, {algorithm: 'RS256'});
    var encodedsignature = base64url(new Buffer(JSON.stringify(signature)));
    var jwt = encodedHeader + "." + payload + "." + encodedsignature;
     return jwt;
  
   var options = { uri: 'https://api.box.com/oauth2/token',method: 'POST',json: true,headers: {'content-type': 'application/x-www-form-urlencoded'},body: 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&client_id=' + 
     client_id + '&client_secret=' + client_secret + '&assertion=' + jwt
     }; 

      

  0

  Comment actions Permalink

Please sign in to leave a comment.