Skip to main content
Question

Box Integration using OAuth 2.0 with JWT

  • May 21, 2025
  • 5 replies
  • 97 views
C
Forum|alt.badge.img

Hi, 

 

I am a bit confused as to where the public and private key will come from. 

Looking at the box developer configuration page, it looks like when I use the "Generate Public/Private Key pair" button and download the generated json, that's it. But now when I copy that generated private key in BoxPlatformApiConnection of the SDK it' s not working. Can someone please explain exactly all the steps required to implement Box Integration with JWT (with indications of where that step will be either in salesforce or box or my own pc).

 

This is the use case we are trying to achieve:

 

1. Use Box managed package in Salesforce (Working so far)

2.  Extend the managed package with the Developer Kit to create folder automatically (Working so far)

3.  Extend the whole Box Integration with the SDK to do background upload and handle metadata  (No idea how to go about it)

 

Can we use the "service account" used by the managed package to do part 3 with SDK?

    5 replies

    C
    Forum|alt.badge.img

    After few hours of try and failure, I finally managed to get OAuth 2.0 with JWT in Salesforce for Entreprise Application Access to work, I have added more context or command to the Box Salesforce SDK documentation on platform App Auth here:

     

    https://github.com/kapeshifk/box-salesforce-sdk/blob/master/doc/platform.md

     

     

    Notes:

    The added examples work as of Box 2.0, use Cygwin to run the highlighted commands. (I generated my own private/public key pair because the one generated in Box is difficult to use on salesforce as it is generated as encrypted while salesforce only work with decrypted private keys).
    To use the userId type of authentication, make sure Application Access in Developer console is set to Entreprise.

    C
    Forum|alt.badge.img

     

     

    We are doing a similar thing and have a quick question on the below part from your implementation.

     

    1. It was mentioned that you are using your own public/private key rather than using BOX generated ones.

    2. How are you passing your own public/private key into the BOX configuration? In our experience, manually adding the public key is resulting in the JSON being left blank for the keys.

     

    Your response is appreciated. Thanks.

     

    C
    Forum|alt.badge.img

     I will reply to your questions above later today when I have some time after work.

     

    Can you elaborate on what you mean by 'Box configuration', is this the configuration in 'Developer Console' of the box app?

    C
    Forum|alt.badge.img

    thank you!

     

    Yes, the config from the developer console...

    C
    Forum|alt.badge.img

    1. It was mentioned that you are using your own public/private key rather than using BOX generated ones.

    - I generated my own public/private key (I used Cygwin to generate public/private keys, you can try GitBash):

    openssl genrsa -aes256 -out private_key.pem 2048
openssl rsa -pubout -in private_key.pem -out public_key.pem

    - Salesforce (last time I used it) doesn't handle encrypted private keys so you have to decrypt the key (make sure only admin people can access this key as it's already decrypted - doesn't need passphrase anymore)

    openssl pkcs8 -topk8 -nocrypt -in private_key.pem -out decryptedkey.pem

    - Salesforce (again) doesn't like whitespace, use command below to remove white space from decrypted key:

    awk 'NF {sub(/\r/, ""); printf "%s",$0;}' decryptedkey.pem

    copy the decrypted key without the -----BEGIN PRIVATE KEY-----, and the -----END PRIVATE KEY-----

    The copied key is your private key which you will use in your client application (in my case Salesforce).

     

    2. How are you passing your own public/private key into the BOX configuration? In our experience, manually adding the public key is resulting in the JSON being left blank for the keys.

     

    You don't pass the private key in Box Configuration. You only pass the public key. From the Developer Console under Configuration. Click the "Add a public key" button, copy and paste inside the public key, you can get the content of the public key using:

     

    cat public_key.pem

     

    Once you paste and click "Verify and save", Box will generate a "public key id", you will then use this public key id in your application, together with the private key to authenticate using Box SDK helpers.

     

    I documented all this here: https://github.com/kapeshifk/box-salesforce-sdk/blob/master/doc/platform.md

     

    But here is the example code:

     

    String enterpriseId = 'YOUR_ENTERPRISE_ID'; //You get this from Dev Console in the box app
String publicKeyId = 'YOUR_PUBLIC_KEY_ID'; //This is the public key id generated by box
String privateKey = 'YOUR_PRIVATE_KEY'; //This is the decrypted one (as needed by salesforce)
String clientId = 'YOUR_CLIENT_ID'; //You get this from Dev Console in the box app
String clientSecret = 'YOUR_CLIENT_SECRET'; //You get this from Dev Console in the box app

BoxJwtEncryptionPreferences preferences = new BoxJwtEncryptionPreferences();
preferences.setPublicKeyId(publicKeyId);
preferences.setPrivateKey(privateKey);
BoxPlatformApiConnection api = BoxPlatformApiConnection.getAppEnterpriseConnection(enterpriseId, clientId, clientSecret, preferences);

     

    Terms of ServiceAccessibility statement