Box Status

Setting up Postman with Box JWT Server Authentication

フォローする
新規投稿
Kevin Lu

Hello all! 

I'm a web developer at the Univ of Arizona and am trying to set off a manual Box Relay to automate tasks for our staff in College of Humanities (COH).

I am trying to set up Postman to work with our app that's OAuth 2.0 with JWT (Server Authentication). So far: 

When I hit "Get New Access Token", i get the following on my browser:

I get the sense that maybe for JWT, though, I'm not supposed to authenticate this way / i'm doing something wrong. If anyone has information on how to connect Postman to Box API using JWT, that would be super super helpful.

0

コメント

15件のコメント

日付 投票
  • Alex Novotny

    Hey Kevin, 

    With JWT, its a little different. In Postman, you'll want to use your developer token. Go to the developer console where you made your application. Generate a developer token. After that, you can use that token in the Postman app like below. 

    0
    コメントアクション パーマリンク
  • Jehan B Aziz

    Hi Alex,

    Your suggesting is good for testing, but how would I put this into production with automation? I want to be able to request a token from the Box application programmatically. It seems like the Request access token endpoint is what I would use, but have not been successful at providing all of the required fields.
    Thanks for your help.

    1
    コメントアクション パーマリンク
  • Alex Novotny

    Hi Jehan! 

    Are you getting a specific error? May I see the parameters you are sending in? 

    Alex

    0
    コメントアクション パーマリンク
  • saumya sharma

    Hi Alex , 

    I am sending a post request with grant type ,client id and assertion in the body but getting error 'wrong number of segments'. Could you please share what should a correct request look like?

    0
    コメントアクション パーマリンク
  • Alex Novotny

    Hello, 

    I would go through our quick start in the developer documentation - this flow will set up token request flow automatically in Postman. 

    https://developer.box.com/guides/tooling/postman/quick-start/

    0
    コメントアクション パーマリンク
  • saumya sharma

    Hi , I did follow the steps but i get the same error. Please help.

     

    0
    コメントアクション パーマリンク
  • Alex Novotny

    I just followed the quick start guide again to confirm, and I'm not seeing any issues.Can you share a screenshot of the error you are seeing? 

    0
    コメントアクション パーマリンク
  • saumya sharma

    Thanks for the quick response. I am trying to fetch the 'access token' using the jwt assertion token .

     

     

    0
    コメントアクション パーマリンク
  • Alex Novotny

    Ah - I see. Yes. The quick start was meant for using an OAuth 2.0 connection - not JWT. I believe you also need to send in your client secret? 

    0
    コメントアクション パーマリンク
  • Alex Novotny

    0
    コメントアクション パーマリンク
  • Alex Novotny

    You can use the code here to create the assertion you send in as well! Just log the assertion and comment out the code where it is making the token. 

    0
    コメントアクション パーマリンク
  • saumya sharma

    Hi I am unable to create the assertion using the above code. Could you please let me know the steps you followed for the same.

    Additionally - what is the private key format that is created in the developer console. It doesnt seems to be base64 or PEM.

    0
    コメントアクション パーマリンク
  • Alex Novotny
    • 編集済み
    const fs = require('fs')
    const crypto = require('crypto')
    const jwt = require('jsonwebtoken')

    const config = JSON.parse(
    fs.readFileSync('PATH_TO_FILE')
    )

    let run = async () => {
    // In node we don't need to manually decrypt the
    // key, as the JWT library can handle this for us
    letkey= {
    key: config.boxAppSettings.appAuth.privateKey,
    passphrase: config.boxAppSettings.appAuth.passphrase
    }

    // We will need the authenticationUrl again later,
    // so it is handy to define here
    constauthenticationUrl='https://api.box.com/oauth2/token'

    letclaims= {
    'iss': config.boxAppSettings.clientID,
    'sub': config.enterpriseID,
    'box_sub_type': 'enterprise',
    'aud': authenticationUrl,
    // This is an identifier that helps protect against
    // replay attacks
    'jti': crypto.randomBytes(64).toString('hex'),
    // We give the assertion a lifetime of 45 seconds
    // before it expires
    'exp': Math.floor(Date.now() /1000) +45
    }

    letkeyId=config.boxAppSettings.appAuth.publicKeyID

    // Rather than constructing the JWT assertion manually, we are
    // using the jsonwebtoken library.
    letassertion= jwt.sign(claims, key, {
    // The API support "RS256", "RS384", and "RS512" encryption
    'algorithm': 'RS512',
    'keyid': keyId,
    })
    console.log(assertion)
    }

    run()
    0
    コメントアクション パーマリンク
  • Alex Novotny

    That is the block of code I used.... it uses RS512. 

    0
    コメントアクション パーマリンク
  • Selvi Pandi

    Hi, I have the same issue as grant_type. Could you please share the details how we can authenticate with JWT(headers required fields..), even the app side configuration would help.   

    0
    コメントアクション パーマリンク

サインインしてコメントを残してください。