Alternative to authenticate without JWT config file?

Highlighted
Occasional Contributor

Alternative to authenticate without JWT config file?

I am using JWT as Auth Type for the custom app. Is there an alternative to the JWT config file, like a programmatic way via API calls to get the config and load it?

 

Thanks,

Vishal

1 REPLY 1
Highlighted
Box Employee

Re: Alternative to authenticate without JWT config file?

Hi @vmali,

 

There isn't a programmatic way of fetching the config JSON file, but there is an alternative to using it. 

 

First, you'll need to generate your own public / private keypair and add it to the app, described here.

 

Next, when you're going through the Box auth process instead of supplying the config file you'll instead supply all of the information directly. I believe you were using Java in previous questions, so it would look something like this to auth as the service account:

 

JWTEncryptionPreferences jwtPreferences = new JWTEncryptionPreferences();
jwtPreferences.setPublicKeyID("PUBLIC-KEY-ID");
jwtPreferences.setPrivateKeyPassword("PRIVATE-KEY-PASSWORD");
jwtPreferences.setPrivateKey("PRIVATE-KEY");
jwtPreferences.setEncryptionAlgorithm(EncryptionAlgorithm.RSA_SHA_256);

BoxConfig boxConfig = new BoxConfig("YOUR-CLIENT-ID", "YOUR-CLIENT-SECRET", "ENTERPRISE-ID", jwtPreferences);

BoxDeveloperEditionAPIConnection api = BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(boxConfig);

 

There are also additional examples here.

 

If you're not sure where your enterprise ID is, if you look at the very bottom of the same page on your app where you generate the config JSON file (or add your own keys) there will be a JSON object with those details.

 

- Jon