Skip to main content
Question

Ruby SDK Giving Error: "Neither PUB key nor PRIV key"

  • May 22, 2025
  • 5 replies
  • 87 views
C
Forum|alt.badge.img

I created a quick proof-of-concept which worked great with my developer token.

Now I'm trying to authenticate with OAuth JWT and I can't get it working.

Currently my script is supposed to get the enterprise token to use for authentication. When I run it, it returns the error

boxtest.rb:17:in `initialize': Neither PUB key nor PRIV key: nested asn1 error (OpenSSL::PKey::RSAError)

 

The JWT_SECRET_KEY_PATH setting points to the full path of a file that only contains the string for the private key. I've verified that it's being read in correctly. I've tried changing the format of the contents of the file (removing the comments and newlines) but it made no difference.

 

require 'dotenv'
Dotenv.load(".env")
require 'boxr'
require 'openssl'

private_key = OpenSSL::PKey::RSA.new(File.read(ENV['JWT_SECRET_KEY_PATH']), ENV['JWT_SECRET_KEY_PASSWORD'])

response = Boxr::get_enterprise_token(
  private_key: private_key,
  private_key_password: ENV['JWT_SECRET_KEY_PASSWORD'],
  public_key_id: ENV['JWT_PUBLIC_KEY_ID'],
  enterprise_id: ENV['BOX_ENTERPRISE_ID'],
  client_id: ENV['BOX_CLIENT_ID'],
  client_secret: ENV['BOX_CLIENT_SECRET']
)

puts response

 

I'm using the ruby SDK with ruby 2.3.1p112

 

Thanks!

    5 replies

    C
    Forum|alt.badge.img

     This seems like a string formatting issue, but I'm not sure what specifically is causing the error. An alternative approach would be using the developer console feature that lets you automatically generate JWT authentication credentials for your application. We have a guide within our developer documentation that walks through how to use that feature with the Ruby SDK.

    C
    Forum|alt.badge.img

    Thanks for that!

     

    I got my key situation resolved by reading in the .json file from Box and parsing it:

     

     

    file = File.read(ENV['JWT_CREDENTIALS_PATH'])
credentialsHash = JSON.parse(file)

#Parse credentials
privateKey = credentialsHash['boxAppSettings']['appAuth']['privateKey'].to_s
publicKeyId = credentialsHash['boxAppSettings']['appAuth']['publicKeyID'].to_s
privateKeyPassword = credentialsHash['boxAppSettings']['appAuth']['passphrase'].to_s
enterpriseId = credentialsHash['enterpriseID'].to_s
clientId = credentialsHash['boxAppSettings']['clientID'].to_s
clientSecret = credentialsHash['boxAppSettings']['clientSecret'].to_s

response = Boxr::get_enterprise_token(
  private_key: privateKey,
  private_key_password: privateKeyPassword,
  public_key_id: publicKeyId,
  enterprise_id: enterpriseId,
  client_id: clientId,
  client_secret: clientSecret
)

     

    Now my problem is that I get a 400 error saying that my app is not authorized.

     

     

    C:/Ruby23-x64/lib/ruby/gems/2.3.0/gems/boxr-1.4.0/lib/boxr/auth.rb:90:in `auth_post': 400: {"error":"unauthorized_client","error_description":"This app is not authorized by the enterprise admin"} (Boxr::BoxrError)
        from C:/Ruby23-x64/lib/ruby/gems/2.3.0/gems/boxr-1.4.0/lib/boxr/auth.rb:24:in `get_tokens'
        from C:/Ruby23-x64/lib/ruby/gems/2.3.0/gems/boxr-1.4.0/lib/boxr/auth.rb:32:in `get_enterprise_token'
        from boxtest.rb:32:in `'

     

    I checked with the Box admins for my organization and they verified that my client ID has been granted access. Why would I still be getting this error?

     

    My script works if I bypass all of this with the developer token, but I'd like to get the auth working properly.

    C
    Forum|alt.badge.img

     By any chance, did you change your application's permissions after your application was authorized by your Box Admin? If so, you would need to ask your Box Admin to re-authorize your application. 

    C
    Forum|alt.badge.img

    I did not. I did change the auth type to use traditional OAuth instead of JWT.

    I can't even get the examples provided with the SDK to work. When I try to run this one to figure out how to use OAuth, ruby just locks up and I don't get any output.

    C
    Forum|alt.badge.img

    I got the oauth example working by adding this near to the top of my script:

    STDOUT.sync = true

    I think I'm finally over the initial hurdle to get auth working.

    Terms of ServiceAccessibility statement