Question

Authorization Issue


Hello all, I’m trying to upload my first app on Box. I’m coding in Python, using JWT authorization, and my company Admin has authorized the application. When I make my authorization call to Box, I am returned the following error:

 

{'error': 'invalid_client', 'error_description': 'The client credentials are invalid'}

 

At the moment, I’ve bypassed it with a developer token, but would still like to know what is causing the issue. Please help!

 

Here is my code:

# Import the Client class from the boxsdk module
from boxsdk.client import Client

# Configure the JSON
import json
import os

os.chdir('C:\\Users\\Kanayo\\anaconda3')
with open('219128_0poxwjnz_config.json') as config_file:
    config = json.load(config_file)

# Decrypt the private key
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import load_pem_private_key

appAuth = config["boxAppSettings"]["appAuth"]
privateKey = appAuth["privateKey"]
passphrase = appAuth["passphrase"]

key = load_pem_private_key(
    data=privateKey.encode('utf8'),
    password=passphrase.encode('utf8'),
    backend=default_backend()
)

# Create the JWT assertion
import time
import secrets

authentication_url = 'https://api.box.com/oauth2/token'

# Payload creation - claims
claims = {
    'iss': config['boxAppSettings']['clientID'],
    'sub': config['enterpriseID'],
    'box_sub_type': 'enterprise',
    'aud': authentication_url,
    'jti': secrets.token_hex(31),
    'exp': round(time.time()) + 30
}

# Signature - private key
import jwt

keyID = config['boxAppSettings']['appAuth']['publicKeyID']

assertion = jwt.encode(
    claims,
    key,
    algorithm='RS512',
    headers={
        'kid': keyID
    }
)

# Request the access token
import requests

params = {
    'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    'assertion': assertion,
    'client_id': config['boxAppSettings']['clientID'],
    'cllient_secret': config['boxAppSettings']['clientSecret']
}
response = requests.post(authentication_url, params)
ACCESS_TOKEN = response.json()['access_token']

 

 

0 replies
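The request in the post sends a form field named `cllient_secret`, so no `client_secret` reaches the token endpoint, which is consistent with the `invalid_client` response. The following pre-flight check is an added example, not part of the original post or the Box SDK: `check_token_request` is a hypothetical helper, the 60-second `exp` window and 16 to 128 character `jti` length are assumed from Box's JWT documentation, and the sample values are constructed placeholders.

```python
import difflib
import time

TOKEN_URL = "https://api.box.com/oauth2/token"
JWT_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"
REQUIRED_FIELDS = ("grant_type", "assertion", "client_id", "client_secret")
MAX_EXP_SECONDS = 60         # assumption: limit from Box's JWT documentation
JTI_LENGTH = range(16, 129)  # assumption: 16 to 128 characters


def check_token_request(params, claims, now=None):
    """Return a list of problems; only field names are reported, never secrets."""
    now = time.time() if now is None else now
    problems = []
    # Every required form field must be present and non-empty.
    for name in REQUIRED_FIELDS:
        if not params.get(name):
            problems.append(f"missing form field {name!r}")
    # An unknown field name is usually a typo of a required one.
    for name in params:
        if name not in REQUIRED_FIELDS:
            close = difflib.get_close_matches(name, REQUIRED_FIELDS, n=1)
            hint = f" (did you mean {close[0]!r}?)" if close else ""
            problems.append(f"unknown form field {name!r}{hint}")
    if params.get("grant_type") not in (None, JWT_GRANT):
        problems.append("grant_type is not the JWT bearer grant")
    # Claims must agree with the form fields and the token endpoint.
    if claims.get("iss") != params.get("client_id"):
        problems.append("claim 'iss' differs from client_id")
    if claims.get("aud") != TOKEN_URL:
        problems.append("claim 'aud' is not the token URL")
    if claims.get("box_sub_type") not in ("enterprise", "user"):
        problems.append("claim 'box_sub_type' must be 'enterprise' or 'user'")
    if len(str(claims.get("jti", ""))) not in JTI_LENGTH:
        problems.append("claim 'jti' must be 16 to 128 characters")
    lifetime = claims.get("exp", 0) - now
    if not 0 < lifetime <= MAX_EXP_SECONDS:
        problems.append("claim 'exp' must be within 60 seconds from now")
    return problems


# Constructed sample mirroring the request in the post (placeholder values).
NOW = 1_700_000_000
SAMPLE_CLAIMS = {"iss": "CLIENT_ID_PLACEHOLDER", "sub": "ENTERPRISE_ID_PLACEHOLDER",
                 "box_sub_type": "enterprise", "aud": TOKEN_URL,
                 "jti": "a" * 62, "exp": NOW + 30}
SAMPLE_PARAMS = {"grant_type": JWT_GRANT, "assertion": "SIGNED_JWT_PLACEHOLDER",
                 "client_id": "CLIENT_ID_PLACEHOLDER",
                 "cllient_secret": "SECRET_PLACEHOLDER"}
```

Calling `check_token_request(params, claims)` just before `requests.post` reports the misspelled field by name without printing any credential value.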
