Using OAuth2 with JWT without a Box SDK
Hi Experts,
I want to establish a machine-to-machine scenario but I am working on a platform where no BOX SDK is provided. I have created a new Box App and I have done all the setup there and downloaded the JSON config file. How can I get access to Box now in terms of native http(s) calls? Is there any tutorial on what sequence of calls is needed and what I have to do with the content of the configuration file? I can certainly write my own BOX API to do all operations I need, but I am not sure how the logon procedure works exactly when using OAuth2 with JWT.
I also noticed that the private key seems to be encrypted in the config file. Do I need to decrypt it before sending it to BOX? What kind of encryption was used?
Thanks in advance for any help
-
Hi — you may find the guide at https://developer.box.com/v2.0/docs/construct-jwt-claim-manually useful. It walks through constructing a JWT manually and using it to authenticate with the Box API.
-
I had to do this as there's no PHP SDK.
I use a library to help:
use Emarref\Jwt\Claim;
use Emarref\Jwt\HeaderParameter;
And in my Box class constructor...
function __construct($boxJson)
{
    $this->Curl = new Curl;   // Curl wrapper class used by the original post (php-curl-class style)
    $boxJson = utf8_encode($boxJson);
    $boxJson = json_decode($boxJson);
    $uniqueID = uniqid('???');   // jti: must be unique for every assertion

    // build the claims Box expects for an enterprise (service account) token
    $token = new \Emarref\Jwt\Token();
    $token->addClaim(new Claim\Audience('https://api.box.com/oauth2/token'));
    $token->addClaim(new Claim\Expiration(new \DateTime('+60 seconds')));   // Box allows at most 60 s
    //$token->addClaim(new Claim\IssuedAt(new \DateTime('now')));
    $token->addClaim(new Claim\Issuer($boxJson->boxAppSettings->clientID));
    $token->addClaim(new Claim\JwtId($uniqueID));
    //$token->addClaim(new Claim\NotBefore(new \DateTime('now')));
    $token->addClaim(new Claim\Subject($boxJson->enterpriseID));
    $token->addHeader(new HeaderParameter\KeyId($boxJson->boxAppSettings->appAuth->publicKeyID));
    $token->addHeader(new HeaderParameter\Type('JWT'));
    $token->addClaim(new Claim\PrivateClaim('box_sub_type', 'enterprise'));

    // sign the JWT with RS256; the private key in the config file is passphrase-protected,
    // so openssl decrypts it in memory with the passphrase from the same config file.
    // Only the signed JWT is sent to Box, never the key.
    $algorithm = new \Emarref\Jwt\Algorithm\Rs256();
    $encryption = \Emarref\Jwt\Encryption\Factory::create($algorithm);
    $privateKey = openssl_get_privatekey(
        $boxJson->boxAppSettings->appAuth->privateKey,
        $boxJson->boxAppSettings->appAuth->passphrase
    );
    $encryption->setPrivateKey($privateKey);
    $jwt = new \Emarref\Jwt\Jwt();
    $serializedToken = $jwt->serialize($token, $encryption);

    // exchange the assertion for an access token, retrying a few times
    // (note: the same assertion, with its jti and 60 s expiry, is re-sent on each retry)
    $TOKEN_RECEIVED = false;
    $TOKEN_ATTEMPTS = 0;
    do {
        $this->Curl->post('https://api.box.com/oauth2/token', array(
            'grant_type'    => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
            'client_id'     => $boxJson->boxAppSettings->clientID,
            'client_secret' => $boxJson->boxAppSettings->clientSecret,
            'assertion'     => $serializedToken
        ));
        if (isset($this->Curl->response->access_token)) {
            $TOKEN_RECEIVED = true;
        } else {
            $TOKEN_ATTEMPTS++;
            sleep(5);
        }
    } while (!$TOKEN_RECEIVED and $TOKEN_ATTEMPTS < 6);

    if (!$TOKEN_RECEIVED) {
        // write the error response to a log file and stop
        ob_start();
        var_dump($this->Curl->response);
        $TokenErrorText = ob_get_clean();
        $TokenErrorFile = 'logs/BoxTokenError-' . date('d-m-Y His') . '.txt';
        file_put_contents($TokenErrorFile, $TokenErrorText);
        exit;
    }

    // set the authorization header for all subsequent API calls
    $this->AccessToken = $this->Curl->response->access_token;
    $this->Curl->setHeader('Authorization', "Bearer $this->AccessToken");
    $this->Curl->setHeader('Content-Type', 'application/json');
}
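The same flow without any JWT library, as an added example that is not part of the thread above and not Box's own code: it builds the assertion by hand (header, claims, RS256 signature) using only PHP's openssl and curl extensions, which also answers the question about the private key, since openssl decrypts the passphrase-protected PEM from the config file in memory and only the signed token ever leaves the machine. It assumes PHP 7.2 or later with ext-openssl and ext-curl, the config JSON exactly as downloaded from the Box developer console, and a placeholder config path.

```php
<?php
// Added example, not from the original thread. Assumes the Box app config JSON
// as downloaded from the developer console; the file path below is a placeholder.

// JWTs use unpadded URL-safe base64 for all three segments.
function base64url(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

// Build and sign the assertion that is exchanged for an access token.
function buildBoxAssertion(object $cfg): string
{
    $app = $cfg->boxAppSettings;

    // The private key in the config is a passphrase-protected PEM block.
    // openssl decrypts it in memory with the passphrase from the same config;
    // the decrypted key is never sent anywhere.
    $key = openssl_pkey_get_private($app->appAuth->privateKey, $app->appAuth->passphrase);
    if ($key === false) {
        throw new RuntimeException('Could not load private key: ' . openssl_error_string());
    }

    // kid tells Box which public key (uploaded in the app settings) verifies the signature.
    $header = ['alg' => 'RS256', 'typ' => 'JWT', 'kid' => $app->appAuth->publicKeyID];
    $claims = [
        'iss'          => $app->clientID,
        'sub'          => $cfg->enterpriseID,
        'box_sub_type' => 'enterprise',
        'aud'          => 'https://api.box.com/oauth2/token',
        'jti'          => bin2hex(random_bytes(16)), // unique per assertion
        'exp'          => time() + 45,               // must be no more than 60 s ahead
    ];

    $signingInput = base64url(json_encode($header)) . '.' . base64url(json_encode($claims));
    $signature = '';
    if (!openssl_sign($signingInput, $signature, $key, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('Signing failed: ' . openssl_error_string());
    }
    return $signingInput . '.' . base64url($signature);
}

// POST the assertion to the token endpoint; returns the decoded JSON response.
function fetchBoxAccessToken(object $cfg, string $assertion): array
{
    $ch = curl_init('https://api.box.com/oauth2/token');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POSTFIELDS     => http_build_query([
            'grant_type'    => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
            'client_id'     => $cfg->boxAppSettings->clientID,
            'client_secret' => $cfg->boxAppSettings->clientSecret,
            'assertion'     => $assertion,
        ]),
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    $resp = json_decode((string) $body, true);
    if ($status !== 200 || !isset($resp['access_token'])) {
        // Box returns a JSON body with "error" and "error_description" on failure
        throw new RuntimeException("Token request failed (HTTP $status): " . $body);
    }
    return $resp; // contains access_token, expires_in, token_type
}

$cfg   = json_decode(file_get_contents('/path/to/box-config.json')); // placeholder path
$token = fetchBoxAccessToken($cfg, buildBoxAssertion($cfg));
printf("Got an access token that expires in %d seconds\n", $token['expires_in']);
// Subsequent API calls send: Authorization: Bearer <access_token>
```

Each assertion is single-use and short-lived, so if a request has to be retried, build a fresh assertion (new jti, new exp) rather than re-sending the old one. Treat the config file itself as a credential: it holds the client secret, the private key and its passphrase together.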