Hello!

The token you are receiving is likely not a traditional JWT but an opaque access token, which is a random string validated by the server without exposing information to the client. This can happen because some APIs use opaque tokens or custom formats for security reasons. Review the API documentation to understand the token format and usage. If the API documentation indicates that it should be a JWT, verify the request and signing process.

Thanks! That is what I thought, that it could be an access open, and not a JWT, but the documentation seems to indicate that the request is correct to get a JWT (and also the token works). The docs don't seem to get into the details of the JWT structure.

In case it is JWT but with some process to obscure the data, I tried to decrypt it will my private key, but the result doesn't give me a JWT… So it could be Box internal encryption… or I am not reading the right documentation...

It seems that we have some contact with Box. I'' ask.

Thanks again!

I hope this serves your need!

summit health patient portal login