App authorization request – JWT integration fails with "sub" claim error

Answered

Follow

New post

Zero Code

• April 18, 2025 17:05

Hello,

I’ve created a Custom App using the JWT (Server Authentication) method called ZQ_Demo. I’ve configured the app with App + Enterprise Access and enabled the necessary scopes. However, when I try to authenticate using the Box Node SDK, I receive this error:

Auth Error: Please check the 'sub' claim. The 'sub' specified is invalid. [400 Bad Request] invalid_grant

Can you please confirm whether the app needs to be manually authorized on your side, or if there are any additional steps required for using JWT authentication?

Thank you!

0

• 

  Rona

  • April 23, 2025 20:53

  Hi there, 

  Welcome to Box Community and glad to assist! 

  The "sub" claim in the JWT should always be a Box ID — depending on the value of "box_sub_type" it would be either the ID of the user you're trying to generate tokens for or the ID of the enterprise you're authenticating as the service account for. You want to verify this value is correct and that you're passing it as a string.

  More info here.

  Hope it helps!

  0

  Comment actions Permalink

Please sign in to leave a comment.