Skip to main content
Question

JWT format?


Forum|alt.badge.img
  • New Member
  • 1 reply

Hi,

I am generating a token following the tutorial for JWTs (grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer"). The API does return an access token, and it does work, but it doesn't seem to have the structure of a JWT (3 sections separated by dots...).

I am requesting it using a RSA key pair to sign the request.

I wonder if the tokens are encoded in a particular way, encrypted, or it is just an access token and not really a JWT.

Thanks!

3 replies

Hello!

The token you are receiving is likely not a traditional JWT but an opaque access token, which is a random string validated by the server without exposing information to the client. This can happen because some APIs use opaque tokens or custom formats for security reasons. Review the API documentation to understand the token format and usage. If the API documentation indicates that it should be a JWT, verify the request and signing process.


 


Forum|alt.badge.img
  • Author
  • New Member
  • 1 reply
  • July 25, 2024

Thanks! That is what I thought, that it could be an access open, and not a JWT, but the documentation seems to indicate that the request is correct to get a JWT (and also the token works). The docs don't seem to get into the details of the JWT structure.

In case it is JWT but with some process to obscure the data, I tried to decrypt it will my private key, but the result doesn't give me a JWT… So it could be Box internal encryption… or I am not reading the right documentation...

It seems that we have some contact with Box. I'' ask.

Thanks again!


Gail207Martinez wrote:

Hello!

The token you are receiving is likely not a traditional JWT but an opaque access token, which is a random string validated by the server without exposing information to the client. This can happen because some APIs use opaque tokens or custom formats for security reasons. Review the API documentation to understand the token format and usage. If the API documentation indicates that it should be a JWT, verify the request and signing process.


 

I hope this serves your need!

summit health patient portal login 


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings