Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Javascript Box JWT authentication problem

Nouvelle publication

Commentaires

3 commentaires

  • Jason

    Hi ,

     

    Try outputting your JWT and using JWT.io to see if it is formatted correctly. There is an example JWT that you can use to compare with at:

    https://developer.box.com/v2.0/docs/construct-jwt-claim-manually#section-4-constructing-the-jwt-assertion

     

    You should also check to make sure your API call (headers/parameters etc) overall is formatted correctly too. A good way to test is to first make sure your JWT is valid using the debugger tool at JWT.io, and then use a tool like Postman to send the final POST request to Box. That way, in case there is any formatting error in your code, you can see the difference between what Postman outputs and what your code sends to Box. You could even use something like Requestb.in to inspect your requests.

     

    Thanks,

    Jason

    0
    Actions pour les commentaires Permalien
  • mwiller

     I wanted to add some information to the response from  — we do not recommend doing authorization calls like this on the client side (e.g. in the user's browser).  Exposing your application's credentials in JS code that is sent to the user is very risky and could allow a malicious user or other attacker to take over your application and make API calls on behalf of your users.

    0
    Actions pour les commentaires Permalien
  • dschuler

    Unfortunately, the Debugger at JWT.io does not allow one to use RS256 (or any of the other types supported by Box).  Doing that produces an "Invalid signature" error and it does not produce the final encoded results.  That may be verified simply by changing the HS256 in the default example header they provide to RS256.  

     

    Box really should provide an online authentication tester for this purpose that conforms to Box's requirements.  Otherwise there is no way to test JWT authentication other than trial and error.

     

    Dave Schuler

    Chicago, Illinois

    0
    Actions pour les commentaires Permalien

Vous devez vous connecter pour laisser un commentaire.