Hello 👋,

You might double check via the information on this page. I think you are missing the box_sub_type variable.

Thanks,


Alex, Box Developer Advocate 🥑

Sorry, I wasnt able to follow that. Is there a reason why you suggested me to look at “JWT without SDKs”? I had been trying to authenticate using “JWT with SDKs” all this while. Do you have any sample python script on how to read the folders in Box if I use “JWT without SDKs” for authentication?

my apologies. you are right! Normally when I see the sub error its due to some issue when coding without using the sdks.

do you mind sharing the client id with me?

No problem. The ID is eier6omdhmug8wz0in9i3i4ziza8ye8k

I will test out your code locally and see if I get anything different. I’ll report my results after I finish.

I have same problem statement. My request fails with {‘error’: ‘invalid_grant’,


‘error_description’: "Please check the ‘sub’ claim. The ‘sub’ specified is "


‘invalid.’} My enterprise ID is zero.

Hi rajeev2186,

In order to use applications with authentication types other than OAuth 2.0, you’d need to have a paid enterprise account. Free accounts do not have access to other authentication methods. We are working on launching our new free devleoper accounts in the near future.

Thanks,


Alex

Hi @Joy

From a python and Box SDK perspective, your code works flawlessly, so it must be permission, @smartoneinok is following up with you.

I just wanted to give you a tip relative to the construction of the JWTAuth.


You do not need to build it manually just to use an user.

If you need to authenticate a user from a JWTAuth object, you can re-use the settings, and just call the .authenticate_user(xyx) passing either a user_id or a User object.

Consider this sample:

""" Demo on using user identification on a JWT application"""





from typing import Union


from boxsdk import JWTAuth, Client


from boxsdk.object.user import User





USER_ID = "18622116055"


APP_USER_ID = "29599235430"





def get_client_user(user: [Union[str, "User"]]) -> Client:


    """Get client user"""


    auth = JWTAuth.from_settings_file(".config.json")


    auth.authenticate_user(user)


    return Client(auth)








def get_client_enterprise() -> Client:


    """Get client enterprise"""


    auth = JWTAuth.from_settings_file(".config.json")


    # auth.authenticate_instance() # by default it authenticates the enterprise


    return Client(auth)








def main():


    client_enterprise = get_client_enterprise()


    me = client_enterprise.user(user_id="me").get()


    print(f"Service Account: {me.id} {me.name} {me.login}")





    client_user = get_client_user(USER_ID)


    me = client_user.user(user_id="me").get()


    print(f"User Account: {me.id} {me.name} {me.login}")





    app_user = client_enterprise.user(user_id=APP_USER_ID).get()


    client_user_app = get_client_user(app_user)


    me = client_user_app.user(user_id="me").get()


    print(f"App User Account: {me.id} {me.name} {me.login}")








if __name__ == "__main__":


    main()

Results in:

Service Account: 20344589936 UI-Elements-Sample AutomationUser_1841316_RbcnIM9B2l@boxdevedition.com


User Account: 18622116055 Rui Barbosa barduinor@gmail.com


App User Account: 29599235430 Test APP User AppUser_1841316_afcI7DCbFn@boxdevedition.com

Cheers

Thank you for all the replies. The fix was simple. I shouldnt be using both Service account and app user to authenticate. The sample available in Git might have misled me.

from boxsdk import JWTAuth, Client





auth = JWTAuth.from_settings_file('./settings_config.json')


service_account_client = Client(auth)

The above code helped me connect to Box and see the folders and files as an enterprise user. The below code was NOT necessary.

app_user = service_account_client.user(user_id='xxxx')





app_user_auth = JWTAuth(


    client_id=config_json['boxAppSettings']['clientID'],


    client_secret=config_json['boxAppSettings']['clientSecret'],


    user=app_user,


    jwt_key_id=config_json['boxAppSettings']['appAuth']['publicKeyID'],


    rsa_private_key_data= config_json['boxAppSettings']['appAuth']['privateKey'],


    rsa_private_key_passphrase=config_json['boxAppSettings']['appAuth']['passphrase'],


    enterprise_id=config_json["enterpriseID"]


)


app_user_auth.authenticate_user()


app_user_client = Client(app_user_auth)

Thanks for reporting back! I thought we tried that on the phone yesterday? Did you change something else after?

Yes, We tried that yesterday but for some reason it didnt work. I created a new python environment and reinstalled the boxsdk library, after that service account client authentication worked just fine (but not mix of both authentications).