Box Status

Error when uploading through webforms using Box API

回答済み
フォローする
新規投稿
mlandgraf

Hi all!

We have a few webforms that use the Box API to allow users to upload images to Box while completing the forms. In the last two weeks, we have started seeing that uploading rarely works and is throwing an error. The console shows a CORS error, while the response header shows: 

WWW-Authenticate:
Bearer realm="Service", error="invalid_request", error_description="Malformed auth header"
 
Any ideas why this would suddenly start popping up? We haven't made any changes on our end.
0

コメント

5件のコメント

日付 投票
  • Jason

    Hi  ,

     

    Sorry to hear about the issues! This might be a good request as a Support Ticket, but just as a sanity check, what does the Request header look like? Obfuscate the access token of course, but what I'd want to make sure is that the app is following the convention of "Authorization: Bearer ".

     

    As an additional sanity check, do you see any difference in the network tabs between the successful uploads and failed uploads?

     

    Thanks,

    Jason

    0
    コメントアクション パーマリンク
  • mlandgraf

    Hi Jason,

     

    Our header is defined in our code like this. I'll X out certain portions for privacy:

    var oHeader = {
            "alg": "RS256",
            "typ": "JWT",
            "kid": "XXXXXXXX"
        };
     
    Here is the payload:
        var oPayload = {
            "iss": client_id,
            "sub": "XXXXXXXXX",
            "box_sub_type": "user",
            "aud": "https://api.box.com/oauth2/token",
            "jti": jti,
            "exp": exp_date
        };
     
        //Generate the JWT signature
        var sHeader = JSON.stringify(oHeader);
        var sPayload = JSON.stringify(oPayload);
        var jwt_signature = KJUR.jws.JWS.sign("RS256"sHeadersPayloadprivate_key);

        //Make the request for the access code
        var post_data = 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&client_id=XXXXXXXXXXXXXXXXXXXXXX&client_secret=XXXXXXXXXXXXXX&assertion=' + jwt_signature;
        var access_request = nlapiRequestURL('https://api.box.com/oauth2/token'post_datanullnull'POST');
     
    I can't comment on the differences in the Network tab between successful and failed uploads because I can no longer get anything to upload successfully.
     
    Thanks!
    0
    コメントアクション パーマリンク
  • mlandgraf

     Any suggestions on this?

     

    0
    コメントアクション パーマリンク
  • Jason

     Ah, sorry about that - I meant Headers in the sense of the HTTP Headers, and less so the header of the JSON Web Token.

     

    Not to get too deep into technical troubleshooting, but here's an example of a browser upload from a File Request link:

    Screen Shot 2020-03-12 at 10.34.06 AM.png

    Under the Request Headers, there's a token in the format "Authorization: Bearer ". One thing you could do is see if your upload request (whether it fails or succeeds) has the header formatted correctly, or if there's a subtle difference somewhere. If it does seem to match, the other thing you could do is ensure the token is valid (copy/paste it and use it in Postman or a curl from the command line, for example), but the error message does seem to suggest a formatting issue.

    0
    コメントアクション パーマリンク
  • mlandgraf

    Per Box support, this issue was caused by a change on their end. When requesting the access the token, the header's content type must be set like 

        var headers = {
            'Content-Type': 'application/x-www-form-urlencoded'
        };
    Hopefully this fixes things for others as well!
    0
    コメントアクション パーマリンク

サインインしてコメントを残してください。