
Javascript Box JWT authentication problem


  • Jason

    Hi,

     

    Try outputting your JWT and using JWT.io to see if it is formatted correctly. There is an example JWT that you can use to compare with at:

    https://developer.box.com/v2.0/docs/construct-jwt-claim-manually#section-4-constructing-the-jwt-assertion

     

    You should also check to make sure your API call (headers/parameters etc) overall is formatted correctly too. A good way to test is to first make sure your JWT is valid using the debugger tool at JWT.io, and then use a tool like Postman to send the final POST request to Box. That way, in case there is any formatting error in your code, you can see the difference between what Postman outputs and what your code sends to Box. You could even use something like Requestb.in to inspect your requests.

     

    Thanks,

    Jason

  • mwiller

     I wanted to add some information to the response from  — we do not recommend doing authorization calls like this on the client side (e.g. in the user's browser).  Exposing your application's credentials in JS code that is sent to the user is very risky and could allow a malicious user or other attacker to take over your application and make API calls on behalf of your users.

  • dschuler

    Unfortunately, the Debugger at JWT.io does not allow one to use RS256 (or any of the other types supported by Box).  Doing that produces an "Invalid signature" error and it does not produce the final encoded results.  That may be verified simply by changing the HS256 in the default example header they provide to RS256.  

     

    Box really should provide an online authentication tester for this purpose that conforms to Box's requirements.  Otherwise there is no way to test JWT authentication other than trial and error.

     

    Dave Schuler

    Chicago, Illinois

