Question

Stuck at Constructing the JWT Assertion

  • May 22, 2025
  • 2 replies
  • 10 views


So I have gone through steps 1 through 3 listed here in setting up my application. I am now going through the process of creating a JWT. I understand the header; however, I am confused as to the "sub" field in the payload of the JWT. The documentation says the "sub" field is either of the following:


  • enterprise_id for a token specific to an enterprise when creating and managing app users.
  • app user_id for a token specific to an individual app user.

How can I get an "app user_id" if I have not yet created an App User? That step is #8 and has not taken place yet?

2 replies


 Here's the process to create an App User using JWT authentication and then generate an access token for that App User:

  1. Generate an enterprise access token using JWT authentication. For the sub field, specify your enterprise id as the value. Your enterprise id is available on this page.
  2. Create an App User using this endpoint. Use the enterprise access token from step 1 to authenticate.
  3. Generate an App User access token using JWT authentication. For the sub field, specify the id for the App User you created in step 2 as the value.
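
The assertions for steps 1 and 3 differ only in `sub` and `box_sub_type`. The sketch below is an added example, not part of the reply above and not Box's own code: the claim names follow Box's JWT documentation, the IDs are constructed placeholders, and `sign` is a hypothetical callable that would RS256-sign with the app's private key.

```python
import base64, json, secrets, time

BOX_TOKEN_URL = "https://api.box.com/oauth2/token"  # "aud" claim and POST target
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"

def b64url(data: bytes) -> str:
    """Base64url without padding, as JWTs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def build_claims(client_id, sub, sub_type, now=None):
    """Claims for an enterprise token (step 1) or an App User token (step 3)."""
    if sub_type not in ("enterprise", "user"):
        raise ValueError("box_sub_type must be 'enterprise' or 'user'")
    if not str(sub):
        raise ValueError("sub is required")
    now = int(time.time()) if now is None else int(now)
    return {
        "iss": client_id,              # the app's client ID
        "sub": str(sub),               # enterprise ID or App User ID
        "box_sub_type": sub_type,      # tells Box how to interpret "sub"
        "aud": BOX_TOKEN_URL,
        "jti": secrets.token_hex(32),  # unique per assertion (16 to 128 chars)
        "exp": now + 45,               # Box rejects lifetimes over 60 seconds
    }

def build_assertion(claims, key_id, sign):
    """sign: hypothetical callable returning the RS256 signature bytes."""
    header = {"alg": "RS256", "typ": "JWT", "kid": key_id}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(sign(signing_input.encode("ascii")))

def token_request_form(assertion, client_id, client_secret):
    """Form fields POSTed to BOX_TOKEN_URL to exchange the assertion."""
    return {"grant_type": GRANT_TYPE, "assertion": assertion,
            "client_id": client_id, "client_secret": client_secret}

def decode_claims(assertion):
    """Decode the payload without verifying it, for inspection only."""
    payload = assertion.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

if __name__ == "__main__":
    placeholder_sign = lambda data: b"NOT-A-REAL-SIGNATURE"  # swap in real RS256 signing
    for sub, kind in (("000000", "enterprise"), ("111111", "user")):  # constructed IDs
        jwt = build_assertion(build_claims("CLIENT_ID", sub, kind), "KEY_ID", placeholder_sign)
        print(kind, decode_claims(jwt))
```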



Thanks for the reply! I see now how to generate the App User access token. How does this get me to where I can access a Box.com user's files? At some point, I would need an access token specific to a Box.com user's account so I could read/write files to their account. My application is a service that runs nightly, so there is no end user involvement.