
Hello all! 


I'm a web developer at the Univ of Arizona and am trying to set off a manual Box Relay to automate tasks for our staff in College of Humanities (COH).

I am trying to set up Postman to work with our app that's OAuth 2.0 with JWT (Server Authentication). So far: 


[screenshot]


When I hit "Get New Access Token", I get the following in my browser:
[screenshot]


I get the sense that maybe for JWT, though, I'm not supposed to authenticate this way / I'm doing something wrong. If anyone has information on how to connect Postman to the Box API using JWT, that would be super super helpful.

Hey Kevin, 


With JWT, it's a little different. In Postman, you'll want to use your developer token. Go to the developer console where you made your application and generate a developer token. After that, you can use that token in the Postman app like below.


[screenshots]


Hi Alex,


Your suggestion is good for testing, but how would I put this into production with automation? I want to be able to request a token from the Box application programmatically. It seems like the Request Access Token endpoint is what I would use, but I have not been successful at providing all of the required fields.
Thanks for your help.


Hi Jehan! 


Are you getting a specific error? May I see the parameters you are sending in? 


Alex


Hi Alex , 


I am sending a POST request with grant type, client ID and assertion in the body but am getting the error 'wrong number of segments'. Could you please share what a correct request should look like?


Hello, 


I would go through our quick start in the developer documentation; this guide will set up the token request flow automatically in Postman.


https://developer.box.com/guides/tooling/postman/quick-start/


Hi, I did follow the steps but I get the same error. Please help.


 


I just followed the quick start guide again to confirm, and I'm not seeing any issues. Can you share a screenshot of the error you are seeing?


[screenshot]


Thanks for the quick response. I am trying to fetch the access token using the JWT assertion token.


 


[screenshot]


 


Ah, I see. Yes, the quick start was meant for using an OAuth 2.0 connection, not JWT. I believe you also need to send in your client secret?


[screenshot]


You can use the code here to create the assertion you send in as well! Just log the assertion and comment out the code where it is making the token. 


Hi, I am unable to create the assertion using the above code. Could you please let me know the steps you followed for the same?


Additionally, what is the private key format that is created in the developer console? It doesn't seem to be base64 or PEM.




const fs = require('fs')
const crypto = require('crypto')
const jwt = require('jsonwebtoken')

// The app configuration JSON downloaded from the Box developer console
const config = JSON.parse(
  fs.readFileSync('PATH_TO_FILE')
)

let run = async () => {
  // In node we don't need to manually decrypt the
  // key, as the JWT library can handle this for us
  let key = {
    key: config.boxAppSettings.appAuth.privateKey,
    passphrase: config.boxAppSettings.appAuth.passphrase
  }

  // We will need the authenticationUrl again later,
  // so it is handy to define here
  const authenticationUrl = 'https://api.box.com/oauth2/token'

  let claims = {
    'iss': config.boxAppSettings.clientID,
    'sub': config.enterpriseID,
    'box_sub_type': 'enterprise',
    'aud': authenticationUrl,
    // This is an identifier that helps protect against
    // replay attacks
    'jti': crypto.randomBytes(64).toString('hex'),
    // We give the assertion a lifetime of 45 seconds
    // before it expires
    'exp': Math.floor(Date.now() / 1000) + 45
  }

  let keyId = config.boxAppSettings.appAuth.publicKeyID

  // Rather than constructing the JWT assertion manually, we are
  // using the jsonwebtoken library.
  let assertion = jwt.sign(claims, key, {
    // The API supports the "RS256", "RS384", and "RS512" signing algorithms
    'algorithm': 'RS512',
    'keyid': keyId,
  })

  // Log the assertion; the token exchange step is left out here
  console.log(assertion)
}

run()



That is the block of code I used; it uses RS512.


Hi, I have the same issue as grant_type. Could you please share the details of how we can authenticate with JWT (headers, required fields, ...)? Even the app-side configuration would help.

