how to set private key and passphrase for JWT assertion using BOX JAVA SDK
Hi All, I am trying to just do a quick POC on connecting to Box via JWTs. I have created and configured my Box App for JWT server authentication and authorized it as well in the admin console.
The trouble I am having is that when trying to establish a connection using the Box SDK for JAVA I get a null pointer exception as follows:
Exception in thread "main" java.lang.NullPointerException
at com.box.sdk.BoxDeveloperEditionAPIConnection.decryptPrivateKey(BoxDeveloperEditionAPIConnection.java:444)
...
The offending line is (arguments augmented of course): BoxDeveloperEditionAPIConnection api = BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection("entId", "ClientId", "clientSecret", encryption, accessTokenCache);
Now, since this is a quick and dirty POC I am simply trying to input my private key as a string to the setPrivateKey method and I'm sure I'm doing something wrong with this approach.
Can someone tell me how I would take the box provided private key and passphrase and simply enter it as a string into the JWTEncryptionPreferences.setPrivateKey and setPrivateKeyPassword methods?
I've tried removing all the new line characters as well as removing the BEGINNING PRIVATE KEY and END PRIVATE KEY lines and am still getting a null pointer.
The following is the full example of what I am trying to do:
// Placeholder strings stand in for the real key ID, key, passphrase and app credentials.
JWTEncryptionPreferences encryption = new JWTEncryptionPreferences();
encryption.setPublicKeyID("publicKey");
encryption.setPrivateKey("privateKey");
encryption.setPrivateKeyPassword("passPhrase");
encryption.setEncryptionAlgorithm(EncryptionAlgorithm.RSA_SHA_256);
IAccessTokenCache accessTokenCache = new InMemoryLRUAccessTokenCache(1);
BoxDeveloperEditionAPIConnection api = BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection("entId", "clientId", "clientSecret", encryption, accessTokenCache);
System.out.println("Box api created.... {}" + api.getAccessToken());
Thanks in advance for reading/assisting!
-
Hello,
You are using the BoxConfig and the BoxDeveloperEditionAPIConnection, I understand.
- https://github.com/box/box-java-sdk/blob/master/src/main/java/com/box/sdk/BoxConfig.java
So, based on this example, everything should be working with needing extra effort.
Have you tried this approach?
Thanks
-
Hi,
First off, thank you for your reply!
In the example it is using user-based authentication; however, I am using enterprise-based authentication (.getAppEnterpriseConnection(...) vs getAppUserConnection(...)).
I was successful in at least getting the token to work by simply taking the Box-provided private key and passphrase (generated for me when I created the public/private key pair in the Box dev console) and putting them both in the JWTEncryptionPreferences setPrivateKey() and setPrivateKeyPassword() methods.
What made the difference was using the entire private key verbatim as it is provided from Box, with no alterations. I also noticed I was getting an illegal key size error, which was rectified by installing the following libraries: unlimitedJCEPolicy (the correct one for your JDK) and adding that to my classpath AS WELL as these particular jars which came with the slf4j-1.7.25 library:
- slf4j-jdk14-7.25.jar
- slf4j-ext.1.7.25.jar
- slf4j-api-1.7.25.jar
- osgi-over-slf4j-1.7.25.jar
- log4j-over-slf4j-1.7.25.jar
- jul-to-slf4j-1.7.25.jar
- jcl-over-slf4j-1.7.25.jar
I am now successfully getting an access token; however, when trying to create a folder I am getting a 404. I "believe" I need to create an app user and get a user-specific access token to perform this action, so I will try that. If all I want to do, however, is create files and folders, I'm wondering if I shouldn't just skip the enterprise access altogether and go with user-based authentication, but I've seen conflicting info that states I should be using the former.
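The setup that worked in this post, as an added example that is not part of the original post or the SDK's own sample code: the Box-issued PEM is read verbatim from a file and the passphrase and IDs come from environment variables, so no secret is pasted into source, and a key whose BEGIN/END lines were stripped is rejected with a clear message before it reaches the SDK. The class name, helper names and environment variable names are assumptions; the SDK calls are the ones already used in this thread.

```java
import com.box.sdk.BoxDeveloperEditionAPIConnection;
import com.box.sdk.EncryptionAlgorithm;
import com.box.sdk.IAccessTokenCache;
import com.box.sdk.InMemoryLRUAccessTokenCache;
import com.box.sdk.JWTEncryptionPreferences;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;

public class BoxJwtFromFile {
    // Reads the PEM exactly as issued (header, footer and line breaks intact)
    // and fails fast if the armor lines are missing.
    static String loadPem(String path) throws IOException {
        String pem = new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.UTF_8);
        if (!pem.contains("-----BEGIN ") || !pem.contains("-----END ")) {
            throw new IllegalArgumentException("Not a complete PEM block: " + path);
        }
        return pem;
    }

    // Hypothetical helper: a missing variable is a clear error, not a later null.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }

    public static void main(String[] args) throws IOException {
        // Environment variable names below are assumptions for this example.
        JWTEncryptionPreferences encryption = new JWTEncryptionPreferences();
        encryption.setPublicKeyID(requireEnv("BOX_PUBLIC_KEY_ID"));
        encryption.setPrivateKey(loadPem(requireEnv("BOX_PRIVATE_KEY_FILE")));
        encryption.setPrivateKeyPassword(requireEnv("BOX_PRIVATE_KEY_PASSPHRASE"));
        encryption.setEncryptionAlgorithm(EncryptionAlgorithm.RSA_SHA_256);

        IAccessTokenCache cache = new InMemoryLRUAccessTokenCache(1);
        BoxDeveloperEditionAPIConnection api =
                BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(
                        requireEnv("BOX_ENTERPRISE_ID"), requireEnv("BOX_CLIENT_ID"),
                        requireEnv("BOX_CLIENT_SECRET"), encryption, cache);

        // Confirm authentication without writing the bearer token to stdout or logs.
        System.out.println("Box connection established: " + (api.getAccessToken() != null));
    }
}
```

Keep the key file readable only by the account that runs the application, and keep it out of version control.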
-
Hello!
The 404 error is probably because you are trying to create the folder in another folder that you don't have access to.
You can create app users or use the same service account. Remember that those users behave as any other user... they do not have access to everything, so they have to be invited to collaborate also.
Thanks
-
Thanks again, I meant to reply to this thread yesterday. Fortunately I was able to get it to work and I believe the symptom was exactly as you said.
I had to use the access token to create a user and then invite the user to collaborate on a particular folder and lastly use the getAppuserToken method using the previously created user as the argument (as well as the accesstoken), and then I was able to successfully perform user actions such as creating folders, uploading files, creating metadata etc.
Thanks for all the help!