Skip to main content
Question

Java SDK JWT authentication

  • May 21, 2025
  • 3 replies
  • 99 views
C
Forum|alt.badge.img

HI Team,

I have two accounts in Box . one is developer account (d1) and another enterprise account (e1) as managed user

using my developer account(d1), I created sample app (PIP) and standalone java program using JWT authentication to upload a file to box account. It worked fine.

When I use create new app in my enterprise account and same java program to connect to the enterprise box account I am not able to get the BoxAPIConnection.
Can please let us know what is wrong here from developer account to enterprise account ?

Note: I use account specific values like enterprise id, client key, client secret, private, public keys and API keys to authorize the app.

Below is the snippet of the code.

JWTEncryptionPreferences encryption = new JWTEncryptionPreferences();
encryption.setPublicKeyID("publickeyId111");
FileInputStream fis = null;
Reader is = null;

try {
fis = new FileInputStream("privateKey.pem");
is = new InputStreamReader(fis);
encryption.setPrivateKey(IOUtils.toString(is));
encryption.setPrivateKeyPassword("");
encryption.setEncryptionAlgorithm(EncryptionAlgorithm.RSA_SHA_256);

IAccessTokenCache accessTokenCache = new InMemoryLRUAccessTokenCache(1);
BoxAPIConnection api = BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection("xxx", "clientkey111", "clientscrent111", encryption, accessTokenCache);
System.out.println("Box api created.... {}" + api.getAccessToken());

} catch (Exception e) {
e.printStackTrace();
}

    3 replies

    C
    Forum|alt.badge.img

    If you get your managed user like this:

     

    BoxDeveloperEditionAPIConnection userApi = BoxDeveloperEditionAPIConnection.getAppUserConnection("userid", CLIENT_ID, CLIENT_SECRET, encryptionPref, accessTokenCache);

    that should work.

     

    Here's the entire example:

    https://github.com/kendomen/BoxJavaJWTExamples/blob/master/src/com/nike/box/UploadFileAsEnterpriseAdmin.java

    C
    Forum|alt.badge.img

    Thank you for your reply ...

     

    I replaced Enterprise id with userID  got below exception

     

    BoxDeveloperEditionAPIConnection userApi = BoxDeveloperEditionAPIConnection.getAppUserConnection("userid","fthdms9f0s89nwfvsl4uamikeu7txh20", "3wUzMT7cjWktvEmlcddzSSLpUFmcteWl", encryption, accessTokenCache);

     

    {invalid_grant","error_description":"Please check the 'exp' claim."} , i found solution  to

    update the Unix time on your machine to match the Unix time  ,

    but i am using windows machine. how can i set this unix time or set 'exp' claim programatically  ?

     

    Any help is greatly appreciated..

     

    C
    Forum|alt.badge.img

    That's in box-java-sdk in class BoxDeveloperEditionApiConnection

     

    private String constructJWTAssertion() {
        JwtClaims claims = new JwtClaims();
        claims.setIssuer(this.getClientID());
        claims.setAudience(JWT_AUDIENCE);
        claims.setExpirationTimeMinutesInTheFuture(1.0f);
        claims.setSubject(this.entityID);
        claims.setClaim("box_sub_type", this.entityType.toString());
        claims.setGeneratedJwtId(64);

        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(this.decryptPrivateKey());
        jws.setAlgorithmHeaderValue(this.getAlgorithmIdentifier());
        jws.setHeader("typ", "JWT");

     

    Terms of ServiceAccessibility statement