Setting up Postman with Box JWT Server Authentication


15 comments

  • Hey Kevin, 

    With JWT, it's a little different. In Postman, you'll want to use your developer token. Go to the developer console where you made your application. Generate a developer token. After that, you can use that token in the Postman app like below. 

    0
  • Hi Alex,

    Your suggestion is good for testing, but how would I put this into production with automation? I want to be able to request a token from the Box application programmatically. It seems like the Request access token endpoint is what I would use, but I have not been successful at providing all of the required fields.
    Thanks for your help.

    1
  • Hi Jehan! 

    Are you getting a specific error? May I see the parameters you are sending in? 

    Alex

    0
  • Hi Alex,

    I am sending a POST request with grant type, client id and assertion in the body but getting the error 'wrong number of segments'. Could you please share what a correct request should look like?

    0
  • Hello, 

    I would go through our quick start in the developer documentation - this flow will set up token request flow automatically in Postman. 

    https://developer.box.com/guides/tooling/postman/quick-start/

    0
  • Hi, I did follow the steps but I get the same error. Please help.

     

    0
  • I just followed the quick start guide again to confirm, and I'm not seeing any issues. Can you share a screenshot of the error you are seeing? 

    0
  • Thanks for the quick response. I am trying to fetch the 'access token' using the JWT assertion token.

     

     

    0
  • Ah - I see. Yes. The quick start was meant for using an OAuth 2.0 connection - not JWT. I believe you also need to send in your client secret? 

    0
  • You can use the code here to create the assertion you send in as well! Just log the assertion and comment out the code where it is making the token. 

    0
  • Hi, I am unable to create the assertion using the above code. Could you please let me know the steps you followed for the same?

    Additionally, what is the private key format that is created in the developer console? It doesn't seem to be base64 or PEM.

    0
  • Alex Novotny
    const fs = require('fs')
    const crypto = require('crypto')
    const jwt = require('jsonwebtoken')

    // Load the app settings JSON file downloaded from the developer console
    const config = JSON.parse(
      fs.readFileSync('PATH_TO_FILE')
    )

    let run = async () => {
      // In node we don't need to manually decrypt the
      // key, as the JWT library can handle this for us
      let key = {
        key: config.boxAppSettings.appAuth.privateKey,
        passphrase: config.boxAppSettings.appAuth.passphrase
      }

      // We will need the authenticationUrl again later,
      // so it is handy to define here
      const authenticationUrl = 'https://api.box.com/oauth2/token'

      let claims = {
        'iss': config.boxAppSettings.clientID,
        'sub': config.enterpriseID,
        'box_sub_type': 'enterprise',
        'aud': authenticationUrl,
        // This is an identifier that helps protect against
        // replay attacks
        'jti': crypto.randomBytes(64).toString('hex'),
        // We give the assertion a lifetime of 45 seconds
        // before it expires
        'exp': Math.floor(Date.now() / 1000) + 45
      }

      let keyId = config.boxAppSettings.appAuth.publicKeyID

      // Rather than constructing the JWT assertion manually, we are
      // using the jsonwebtoken library.
      let assertion = jwt.sign(claims, key, {
        // The API supports the "RS256", "RS384", and "RS512" signing algorithms
        'algorithm': 'RS512',
        'keyid': keyId,
      })
      // Print the signed assertion so it can be pasted into the token request
      console.log(assertion)
    }

    run()
    0
  • That is the block of code I used.... it uses RS512. 

    0
  • Hi, I have the same issue as grant_type. Could you please share the details of how we can authenticate with JWT (headers, required fields...)? Even the app-side configuration would help.

    0
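For the questions above about what the token request should contain, the following is an added example, not code from the thread or from Box: it signs the same claims with Node's built-in `crypto` instead of `jsonwebtoken`, then builds the form body for `https://api.box.com/oauth2/token`, with a shape check for the three-segment form that the 'wrong number of segments' error refers to. The config values, the key pair and the function names `buildAssertion` and `buildTokenRequest` are constructed for illustration.

```javascript
const crypto = require('crypto')

const TOKEN_URL = 'https://api.box.com/oauth2/token'
const b64url = (value) => Buffer.from(value).toString('base64url')

// Sign the same claims as the thread's snippet with RS512, using only node:crypto.
// `key` may be a KeyObject or { key: <encrypted PEM>, passphrase } from the config file.
function buildAssertion (cfg, key) {
  const header = { alg: 'RS512', typ: 'JWT', kid: cfg.publicKeyID }
  const claims = {
    iss: cfg.clientID,
    sub: cfg.enterpriseID,
    box_sub_type: 'enterprise',
    aud: TOKEN_URL,
    jti: crypto.randomBytes(64).toString('hex'), // unique per assertion (anti-replay)
    exp: Math.floor(Date.now() / 1000) + 45 // short lifetime, as in the thread
  }
  const signingInput = [header, claims].map((p) => b64url(JSON.stringify(p))).join('.')
  const signature = crypto.sign('sha512', Buffer.from(signingInput), key)
  return `${signingInput}.${b64url(signature)}`
}

// Form-encoded body for POST TOKEN_URL (Content-Type: application/x-www-form-urlencoded).
function buildTokenRequest (cfg, assertion) {
  // A compact JWT is header.payload.signature. Anything else (a raw key, JSON,
  // a developer token) does not have three base64url segments; fail locally.
  const segments = typeof assertion === 'string' ? assertion.split('.') : []
  if (segments.length !== 3 || segments.some((s) => !/^[A-Za-z0-9_-]+$/.test(s))) {
    throw new Error('assertion is not a compact JWT (expected 3 base64url segments)')
  }
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    client_id: cfg.clientID,
    client_secret: cfg.clientSecret,
    assertion
  }).toString()
}

// Constructed sample values and a throwaway key pair (assumptions, not real credentials).
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 })
const sampleConfig = {
  clientID: 'example-client-id',
  clientSecret: 'example-client-secret',
  enterpriseID: '000000',
  publicKeyID: 'examplekid'
}
const sampleAssertion = buildAssertion(sampleConfig, privateKey)
console.log(buildTokenRequest(sampleConfig, sampleAssertion))
```

Because `exp` is only 45 seconds ahead, generate the assertion immediately before sending the request, and keep the client secret and private key out of shared Postman collections.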
