I’m currently developing a PHP application that uploads and downloads files to and from a folder in Box.
I’ve created a Box App, and it has been approved and enabled by the administrator.
However, when I look at the Developer Console, it still appears that the app is not enabled.
Administrator console:

Developer console:

In fact, when the application attempts to perform JWT authentication, I get the following error:

    GuzzleHttp\Exception\ClientException: Client error: `POST https://api.box.com/oauth2/token` resulted in a `400 Bad Request` response:
    {"error":"invalid_grant","error_description":"Please check the 'sub' claim. The 'sub' specified is invalid."}

Here is the relevant portion of my code:

    $json = file_get_contents('KEY_PAIR_FILE.json');
    $config = json_decode($json);
    $private_key = $config->boxAppSettings->appAuth->privateKey;
    $passphrase = $config->boxAppSettings->appAuth->passphrase;
    $key = openssl_pkey_get_private($private_key, $passphrase);
    $authenticationUrl = 'https://api.box.com/oauth2/token';
    $claims = [
        'iss' => $config->boxAppSettings->clientID,
        'sub' => USER_ID,
        'box_sub_type' => 'user',
        'aud' => $authenticationUrl,
        'jti' => base64_encode(random_bytes(64)),
        'exp' => time() + 45,
        'kid' => $config->boxAppSettings->appAuth->publicKeyID
    ];
    $assertion = JWT::encode($claims, $key, 'RS512');
    $params = [
        'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        'assertion' => $assertion,
        'client_id' => $config->boxAppSettings->clientID,
        'client_secret' => $config->boxAppSettings->clientSecret
    ];
    $client = new Client();
    $response = $client->request('POST', $authenticationUrl, [
        'form_params' => $params
    ]);

Do you have any idea what could be causing this issue?
Thank you.
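
Added example, not part of the original post and not Box's code: a local pre-flight check that decodes the payload of a JWT assertion like the one built above and lists malformed claims before it is sent to the token endpoint. The function names, the placeholder client ID and the sample token are constructed for illustration; the 60-second `exp` window and the 16-128 character `jti` length are assumptions about Box's limits, not values from the post.

```php
<?php
// Added example: decode a JWT payload WITHOUT verifying the signature and list claim problems.
const TOKEN_URL = 'https://api.box.com/oauth2/token'; // value from the post
function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function b64url_decode(string $s): string
{
    $pad = (4 - strlen($s) % 4) % 4;
    $raw = base64_decode(strtr($s, '-_', '+/') . str_repeat('=', $pad), true);
    return $raw === false ? '' : $raw;
}
function inspect_assertion(string $jwt, int $now): array
{
    $parts = explode('.', $jwt);
    $claims = count($parts) === 3 ? json_decode(b64url_decode($parts[1]), true) : null;
    if (!is_array($claims)) {
        return ['not a compact JWT with a JSON object payload'];
    }
    $out = [];
    $sub = $claims['sub'] ?? null;
    if (!(is_string($sub) || is_int($sub)) || (string) $sub === '') {
        $out[] = 'sub is missing or empty';
    }
    if (!in_array($claims['box_sub_type'] ?? null, ['enterprise', 'user'], true)) {
        $out[] = 'box_sub_type is not "enterprise" or "user"';
    }
    if (($claims['aud'] ?? null) !== TOKEN_URL) {
        $out[] = 'aud does not match the token endpoint';
    }
    $exp = $claims['exp'] ?? null;
    if (!is_int($exp) || $exp <= $now || $exp > $now + 60) { // 60 s cap: assumption
        $out[] = 'exp is not an integer within the next 60 seconds';
    }
    $jti = $claims['jti'] ?? '';
    if (!is_string($jti) || strlen($jti) < 16 || strlen($jti) > 128) { // assumption
        $out[] = 'jti length is outside 16-128 characters';
    }
    return $out;
}

// Constructed sample: empty sub, stale exp, fake signature segment.
$now = 1700000000;
$payload = ['iss' => 'CLIENT_ID_PLACEHOLDER', 'sub' => '', 'box_sub_type' => 'user',
    'aud' => TOKEN_URL, 'jti' => str_repeat('a', 32), 'exp' => $now - 5];
$sample = b64url_encode('{"alg":"RS512","typ":"JWT"}') . '.'
    . b64url_encode(json_encode($payload)) . '.c2ln';
echo implode("\n", inspect_assertion($sample, $now)), "\n";
```

An empty result only means the claims are well formed locally; it cannot show whether the `sub` value is one the server will accept for this app. A real assertion is a short-lived credential, so inspect it in memory rather than writing it to logs.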
