Hi,
I am generating a token following the tutorial for JWTs (grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer"). The API does return an access token, and it does work, but it doesn't seem to have the structure of a JWT (3 sections separated by dots...).
I am requesting it using a RSA key pair to sign the request.
I wonder if the tokens are encoded in a particular way, encrypted, or it is just an access token and not really a JWT.
Thanks!
Hello!
The token you are receiving is likely not a traditional JWT but an opaque access token, which is a random string validated by the server without exposing information to the client. This can happen because some APIs use opaque tokens or custom formats for security reasons. Review the API documentation to understand the token format and usage. If the API documentation indicates that it should be a JWT, verify the request and signing process.
Thanks! That is what I thought, that it could be an access open, and not a JWT, but the documentation seems to indicate that the request is correct to get a JWT (and also the token works). The docs don't seem to get into the details of the JWT structure.
In case it is JWT but with some process to obscure the data, I tried to decrypt it will my private key, but the result doesn't give me a JWT… So it could be Box internal encryption… or I am not reading the right documentation...
It seems that we have some contact with Box. I'' ask.
Thanks again!
Hello!
The token you are receiving is likely not a traditional JWT but an opaque access token, which is a random string validated by the server without exposing information to the client. This can happen because some APIs use opaque tokens or custom formats for security reasons. Review the API documentation to understand the token format and usage. If the API documentation indicates that it should be a JWT, verify the request and signing process.
I hope this serves your need!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
