JWT authentication: "Please check the 'sub' claim. The 'sub' specified is invalid."

  • May 23, 2025


Hi!

I'm new to the Box API, and I'm trying (and failing) to get the authentication example working.

I've created a Custom App (in my free individual account, FWIW) and attached a key pair directly in the developer console. I downloaded the JSON file that was generated.

Now, I'm trying to follow the Python example at https://github.com/box/box-python-sdk/blob/main/docs/usage/authentication.md#server-auth-with-jwt.

Here's my code, copied from the documentation:

from boxsdk import JWTAuth, Client

auth = JWTAuth.from_settings_file('0_r7gzwmqs_config.json')
client = Client(auth)
service_account = client.user().get()
print(f'Service Account user ID is {service_account.id}')

 

The file 0_r7gzwmqs_config.json is the JSON I downloaded when I created the key pair. Here are the keys (and censored values) in that file:

{
    "boxAppSettings": {
        "clientID": "...",
        "clientSecret": "...",
        "appAuth": {
            "publicKeyID": "...",
            "privateKey": "...",
            "passphrase": "..."
        }
    },
    "enterpriseID": "0"
}
 
I did not edit the file itself.
 
Now, when I run that code -- that I copy-pasted from the documentation -- using the configuration file that the developer console told me to use, I get a BoxOAuthException:
 
boxsdk.exception.BoxOAuthException: 
Message: Please check the 'sub' claim. The 'sub' specified is invalid.
Status: 400
URL: https://api.box.com/oauth2/token
Method: POST
 
Can anyone tell me where I've gone wrong? Thank you!

7 replies


I'm getting the exact same exception using .NET core and I cannot find the reason.



Hi Caridad and Alvaro,

The reason is the enterprise id being 0.

This is on our side, and there is not much you can do for now.

I ask for your patience while we resolve the situation; it should be back to normal soon.

Best regards
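
An added example, not part of the thread or of the Box SDK: a local preflight that reads the downloaded settings file and reports an `enterpriseID` that cannot serve as the `sub` claim before any token request is sent. The names `preflight` and `SAMPLE_CONFIG` are hypothetical and the sample values are constructed; the claim names follow Box's documented JWT grant for enterprise (service account) tokens.

```python
import json
import time
import uuid

BOX_TOKEN_URL = "https://api.box.com/oauth2/token"  # URL shown in the error output

# Constructed sample with the same keys as the downloaded file; values are placeholders.
SAMPLE_CONFIG = json.dumps({
    "boxAppSettings": {
        "clientID": "example-client-id",
        "clientSecret": "example-secret",
        "appAuth": {"publicKeyID": "abcd1234", "privateKey": "...", "passphrase": "..."},
    },
    "enterpriseID": "0",
})


def preflight(config_text):
    """Return (claims, problems) for a JWT settings file; nothing is signed or sent."""
    cfg = json.loads(config_text)
    app = cfg.get("boxAppSettings", {})
    app_auth = app.get("appAuth", {})
    problems = []
    required = (("clientID", app.get("clientID")),
                ("clientSecret", app.get("clientSecret")),
                ("publicKeyID", app_auth.get("publicKeyID")),
                ("privateKey", app_auth.get("privateKey")))
    for name, value in required:
        if not value:
            problems.append(f"missing {name}")
    enterprise_id = str(cfg.get("enterpriseID", "")).strip()
    # For an enterprise token the 'sub' claim is the enterprise ID, so "0" cannot work.
    if not (enterprise_id.isdecimal() and int(enterprise_id) > 0):
        problems.append(f"enterpriseID {enterprise_id!r} is not a usable 'sub' claim")
    claims = {
        "iss": app.get("clientID"),
        "sub": enterprise_id,
        "box_sub_type": "enterprise",
        "aud": BOX_TOKEN_URL,
        "jti": uuid.uuid4().hex,
        "exp": int(time.time()) + 30,  # short-lived assertion
    }
    return claims, problems


if __name__ == "__main__":
    claims, problems = preflight(SAMPLE_CONFIG)
    print(claims["sub"], problems)
```

Running it against the real file (read with `open(...).read()`) before `JWTAuth.from_settings_file` turns the server-side 400 into a local message that names the offending field.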



Dear Box team,

I have the same issue when I try to enable JWT authentication.

The sample code is below:

from boxsdk import JWTAuth, Client

auth = JWTAuth.from_settings_file('path_to_config.json')
client = Client(auth)
service_account = client.user().get()
print(f'Service Account user ID is {service_account.id}')

I get an error: {'error': 'invalid_grant',
 'error_description': "Please check the 'sub' claim. The 'sub' specified is "
                      'invalid.'}

I also have "enterpriseID": "0" in this JSON file, which was generated by Box; I didn't edit it.

Thank you

Vasilii 



Hi Vasilii,

It's the same issue on our side.

I'm told it will be back soon, but unfortunately I don't have a timeline.

In the meantime, if you are working for a Box customer with an enterprise id, you can ask them to create a sandbox for you.

I apologize for this situation.

Best regards



Has there been an update on this particular item re: timeline of a fix (enterprise id = 0)?

I just encountered it as well and found this thread.

Thanks!



Also running into the same problem. Any guidance on how to resolve this? Thank you.



Hi folks,

This forum will be decommissioned soon.

Please post your questions on forum.box.com

Best regards