I can see where <Client_Id>, <Client_Secret>, <Enterprise_Id>, <Private_Key> all comes from (I can get these from the Configuration section of my app within Box.com). However, where do the last two values come from?
I am familiar with a JWT and though I know it is signed with a signature produced from a HMAC of the Header and Payload and passphrase.
However, I am not familiar with a JWT_Private_Key_Password or JWT_Public_Key_Id.
Re: Where to get JWT_Private_Key_Password and JWT_Public_Key_Id
When you create a public private keypair, password is what you set while doing so. If you didn't set a password you don't have a passphrase.
If you used the Box Developer Console's Public/Private keypair generation feature, we automatically set the password and it should be inside the downloaded json configuration file. If you don't have this configuration file anymore, you will have to re-create the public/private keypair which will download a new configuration file again, with all the details you need.
As for the public key id, its the id of the public key you add to the app in the developer console.