Hi,


I'm trying to obtain an access token from the JWT credentials grant. I tested a lot of scenarios, but all ended with different HTTP 400 errors. I’m sending the JWT data according to the specification “JWT without SDK” and it also ends up with an HTTP 400 error. I tested various options, and sometimes I got more meaningful error messages like “Please check the 'sub' claim. The 'sub' specified is invalid.” Those types of errors I was able to fix. But I have no idea why I’m getting the error response "The client credentials are invalid" when all seems to be OK according to the JWT without SDK guide.


I also attempted to log on as the service account "user" but it failed. See the result below. Based on all of this I believe I’m sending the right JWT token content but I got only an error response. Can you help with this issue?


Thanks,


Andrzej


 


HTTP status: 400
Error code : badrequest
Response :{"error":"invalid_client","error_description":"The client credentials are invalid"}

The request is posted to the endpoint https://api.box.com/oauth2/token and it looks like this


JWT TOKEN

grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=[ header.payload.signature here ] &client_id=we7so1r05na94npuz7l6lhjo5oj9nk5u&client_secret[value from config.json file here]

The decoded assertion part of the JWT data looks like this


{
 typ: "JWT",
 alg: "RS512",
 kid: "y63fp--------- [part of value removed] "
}.
{
 iss: "we7so1r05na94npuz7l6lhjo5oj--------- [part of  removed] ",
 sub: "810013",
 box_sub_type: "enterprise",
 aud: "https://api.box.com/oauth2/token",
 jti: "JWT-Worday-1691057022067",
 exp: 1691057077
}.
[signature]

I successfully checked the following:

  • Decoding the JWT token - it was OK.
  • Decrypting the private key via code and comparing the info with the openssl decoded key - it was OK.
  • Trying to use the node.js SDK to generate a token – OK - the token content looks similar.

 


Other attempts

I also experimented with logging in as “user” by means of providing different values for the “iss” and “box_sub_type” fields.

The results were:

In the JWT token I set the "iss" field to the value of "service account name"
In the JWT token I set the "sub" field to the value of "user"

Error code : badrequest
Response :{"error":"invalid_grant","error_description":"Please check the 'iss' claim. The client id specified is invalid."}

In the JWT token I set the "iss" field to the value of the OAuth 2.0 client ID
In the JWT token I set the "sub" field to the value of "user"


 


Response :{"error":"invalid_grant","error_description":"Please check the 'sub' claim. The 'sub' specified is invalid."}
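
A preflight check for the kind of token request shown in the post above, as an added example that is not part of the original post and not Box's code: it parses the form body, decodes the assertion, and reports structural problems before anything is sent. The accepted algorithms, the 60-second `exp` limit and the `jti` length range are assumptions about the server's rules; `lint_token_request`, `sample_body` and the placeholder values are hypothetical names and constructed data.

```python
import base64, json, time
from urllib.parse import parse_qsl, urlencode

TOKEN_URL = "https://api.box.com/oauth2/token"
GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"
ALGS = ("RS256", "RS384", "RS512")  # assumption: accepted signing algorithms
EXP_MAX = 60                        # assumption: longest accepted lifetime, seconds
JTI_LEN = range(16, 129)            # assumption: accepted jti length, characters

def _seg(obj):
    """Encode a dict as an unpadded base64url JWT segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def _unseg(seg):
    """Decode a base64url JWT segment (padding restored) into its JSON value."""
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def lint_token_request(body, now=None):
    """Return the problems found in a form-encoded token request body."""
    now = time.time() if now is None else now
    form = dict(parse_qsl(body, keep_blank_values=True))
    out = [f"form field missing or empty: {k}" for k in
           ("grant_type", "assertion", "client_id", "client_secret") if not form.get(k)]
    try:  # structure only: the signature segment is never verified here
        head, payload, _sig = form.get("assertion", "").split(".")
        header, claims = _unseg(head), _unseg(payload)
        alg, exp = header.get("alg"), claims.get("exp")
    except (ValueError, AttributeError):
        return out + ["assertion is not base64url header.payload.signature"]
    checks = [
        (form.get("grant_type") in (None, "", GRANT), "grant_type is not the jwt-bearer URN"),
        (alg in ALGS and header.get("kid"), "header needs an RS256/RS384/RS512 alg and a kid"),
        (claims.get("iss") == form.get("client_id"), "iss does not equal the client_id field"),
        (claims.get("aud") == TOKEN_URL, "aud is not the token endpoint"),
        (claims.get("box_sub_type") in ("enterprise", "user") and claims.get("sub"),
         "sub / box_sub_type missing or unexpected"),
        (isinstance(exp, (int, float)) and 0 < exp - now <= EXP_MAX, "exp is past or too far ahead"),
        (len(str(claims.get("jti", ""))) in JTI_LEN, "jti length outside the expected range"),
    ]
    return out + [msg for ok, msg in checks if not ok]

def sample_body(now, client_id="CLIENT_ID_PLACEHOLDER", **overrides):
    """Constructed request body; the third JWT segment is a dummy, not a signature."""
    claims = {"iss": client_id, "sub": "810013", "box_sub_type": "enterprise", "aud": TOKEN_URL,
              "jti": "constructed-jti-0001", "exp": int(now) + 45, **overrides}
    jwt = ".".join([_seg({"typ": "JWT", "alg": "RS512", "kid": "KID_PLACEHOLDER"}),
                    _seg(claims), "c2ln"])
    return urlencode({"grant_type": GRANT, "assertion": jwt,
                      "client_id": client_id, "client_secret": "SECRET_PLACEHOLDER"})
```

An empty result only means the request is well-formed; it does not show that the signing key or the client secret matches what the app is configured with.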


 


 


 

Hi Andrzej, 


Welcome to Box Community and glad to assist! 


A member of our team will step in to provide assistance. Please keep an eye out and we'll send an email. 


Thanks for posting! 


Hi,
I am also facing a similar issue. Can someone please guide me on how I can resolve it?
Thanks,
Jagriti

