Skip to main content
Question

RSA-SHA256 JWT Box Integration

  • May 22, 2025
  • 2 replies
  • 64 views
C
Forum|alt.badge.img

I'm using Box.com for my application. For that I am creating JWT assertion by JavaScript and for that we need 3 parts:

.,.

I have written JavaScript code for SHA256 to generate JWT based on JWT.io, while I am unable to do for RSA-SHA256. Actually i am able to generate header, Payload but unable to generate signature part in RSA-SHA256
So as per Box document, they've given the steps to create HEADER and CLAIMS, but not about how to create SIGNATURE. I've also browsed in external sources, all sources have been made with HS256 algorithms. But Box.com API supports only “RS256″, “RS384″, and “RS512″ algorithms.

So my question here is, how to create SIGNATURE part with RS256 algorithms. Any help would be appreciated.

 

 

    2 replies

    C
    Forum|alt.badge.img

     I am not sure if this will help, but here is how our Noke SDK generates a token using JWT authentication.

    C
    Forum|alt.badge.img
    Thanks for sharing document but that is not working at our end for RSA-SHA256, 
    and I need 1 source code of any either JavaScript or NodeJS because 
    my system is not accepting any reference call like: Module, require is not defined:

    var     jwt = require('jsonwebtoken');
var fs = require('fs');
var base64url = require("base64url");
var request = require('request');
var client_id = 123
var client_secret = 123
var key = fs.readFileSync('23er444'); 
var passphrase = 3444
var exp = Math.round((Date.now()/1000))+60;

var header = {
"alg": "RS256",
"typ": "JWT",
"kid": keyID
 };
var claims = {
"iss": client_id,
"sub": "sss",
"box_sub_type": "user",
"aud": "https://api.box.com/oauth2/token",
"jti": "ddsss",
"exp": exp
  };

  var encodedHeader = base64url(new Buffer(JSON.stringify(header)));
  var payload = base64url(new Buffer(JSON.stringify(claims)));

  var signature = jwt.sign(encodedHeader + '.' + payload, {key: key, 
  passphrase: passphrase}, {algorithm: 'RS256'});
  var encodedsignature = base64url(new Buffer(JSON.stringify(signature)));
  var jwt = encodedHeader + "." + payload + "." + encodedsignature;
   return jwt;

 var options = { uri: 'https://api.box.com/oauth2/token',method: 'POST',json: true,headers: {'content-type': 'application/x-www-form-urlencoded'},body: 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&client_id=' + 
   client_id + '&client_secret=' + client_secret + '&assertion=' + jwt
   };

        

    Terms of ServiceAccessibility statement