Skip to main content
Question

Configure App Settings for JTW Authentication

  • May 21, 2025
  • 5 replies
  • 50 views
C
Forum|alt.badge.img

Hello,

 

I'm currently trying to properly configure my app for use with the Node SDK in order to establish an App Auth Client. 

 

I've generated an RSA keypair through the Box Dev console and I have my credentials in a JSON file. 

The console notes that: "You can import this file into our SDKs to easily configure your app". However, I haven't found much documentation on the Node SDK to specifically do this.

 

The Node SDK has an example app I've been looking at. But in that the credentials (clientID, publciKey, etc.) are hard-coded in. Specfically for the privateKey, they advise you should put in the path to a .pem file. I'm not exactly sure how to generate the a .pem file for my private key (which again was only given to me through JSON). I'm aware I could use OpenSSL and such, but I'm not sure I want to go through those hoops. 

 

Does anyone have advice / best practices for how to set up App Auth using JWT on Node?

 

Thanks!

    5 replies

    C
    Forum|alt.badge.img

    This is new to me too and I haven't seen docs on it but here's what I tried and it seems to work...

     

    1.  npm install config

    2.  mkdir config in the working directory

    3.  I copied the generated config.json file to the config directory and renamed it to default.json

    and then I ran this code...

     

    var BoxSDK = require('box-node-sdk');
var config = require('config');

var sdk = new BoxSDK({
    clientID: config.get('boxAppSettings.clientID'),
    clientSecret: config.get('boxAppSettings.clientSecret'),
    appAuth: {
      keyID: config.get('boxAppSettings.appAuth.publicKeyID'),
      privateKey: config.get('boxAppSettings.appAuth.privateKey'),
      passphrase: config.get('boxAppSettings.appAuth.passphrase')
    }
});

var adminAPIClient = sdk.getAppAuthClient('enterprise', "******");

     

    C
    Forum|alt.badge.img

    What format did you put the private key into your JSON file? (not trying to spoof, just looking for the format)

     

    e.g. If my private key file looks like this (with line breaks):

     

     

    -----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,1A1111A11A1A1A1AA11111AA11111A11

bUncH0fL3ttEr5and
Symb0lsW1thL1nE/
Break5+Aab1Dc1d3
-----END RSA PRIVATE KEY-----

     

    How do I type that into the value for the privateKey in my app settings json file? Do I need to retain line breaks (is that possible)?

    {
    "boxAppSettings": {
        "clientID": "something",
        "clientSecret": "secretsomething",
        "appAuth": {
            "publicKeyID": "12E4567B",
            "privateKey": "???",
            "passphrase": "password"
        }
    },
    "enterpriseID": "012345",
    "webhooks": {
        "primaryKey": "s0mePr1maryK3y"
    }
}
    C
    Forum|alt.badge.img

    Solved my own question.

     

    1) I clicked the "Generate a Public/Private Keypair" button.

    2) The downloaded JSON file answered my formatting question.

    C
    Forum|alt.badge.img

    What did you do with the string? i.e. What did you do to create the pem file, and did you use openssl (using your passphrase) to decrypt it for use in your app?

     

    I generated my own, then decrypted all on openssl, but I'd like to try with the auto generated key pair that Box provides.

     

    Thanks in advance!

    C
    Forum|alt.badge.img

    https://github.com/box/box-node-sdk#user-content-app-auth-client gives a similar example:

    var serviceAccountClient = sdk.getAppAuthClient('enterprise', 'APP_ENTERPRISE_ID');

    Where does one find one's 'APP_ENTERPRISE_ID' ? There is a "enterpriseID" property in the json file I pass into the Node SDK constructor; is that it?

    Terms of ServiceAccessibility statement