Error when uploading through webforms using Box API

SOLVED
Go to solution
Highlighted
Occasional Contributor

Error when uploading through webforms using Box API

Hi all!

We have a few webforms that use the Box API to allow users to upload images to Box while completing the forms. In the last two weeks, we have started seeing that uploading rarely works and is throwing an error. The console shows a CORS error, while the response header shows: 

WWW-Authenticate:
Bearer realm="Service", error="invalid_request", error_description="Malformed auth header"
 
Any ideas why this would suddenly start popping up? We haven't made any changes on our end.
Tags (2)
5 REPLIES 5
Highlighted
Box Employee

Re: Error when uploading through webforms using Box API

Hi @mlandgraf ,

 

Sorry to hear about the issues! This might be a good request as a Support Ticket, but just as a sanity check, what does the Request header look like? Obfuscate the access token of course, but what I'd want to make sure is that the app is following the convention of "Authorization: Bearer <token>".

 

As an additional sanity check, do you see any difference in the network tabs between the successful uploads and failed uploads?

 

Thanks,

Jason

Highlighted
Occasional Contributor

Re: Error when uploading through webforms using Box API

Hi Jason,

 

Our header is defined in our code like this. I'll X out certain portions for privacy:

var oHeader = {
        "alg": "RS256",
        "typ": "JWT",
        "kid": "XXXXXXXX"
    };
 
Here is the payload:
    var oPayload = {
        "iss": client_id,
        "sub": "XXXXXXXXX",
        "box_sub_type": "user",
        "aud": "https://api.box.com/oauth2/token",
        "jti": jti,
        "exp": exp_date
    };
 
    //Generate the JWT signature
    var sHeader = JSON.stringify(oHeader);
    var sPayload = JSON.stringify(oPayload);
    var jwt_signature = KJUR.jws.JWS.sign("RS256"sHeadersPayloadprivate_key);

    //Make the request for the access code
    var post_data = 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&client_id=XXXXXXXXXXXXXXXXXXXXXX&client_secret=XXXXXXXXXXXXXX&assertion=' + jwt_signature;
    var access_request = nlapiRequestURL('https://api.box.com/oauth2/token'post_datanullnull'POST');
 
I can't comment on the differences in the Network tab between successful and failed uploads because I can no longer get anything to upload successfully.
 
Thanks!
Highlighted
Occasional Contributor

Re: Error when uploading through webforms using Box API

@Jason62 Any suggestions on this?

 

Highlighted
Box Employee

Re: Error when uploading through webforms using Box API

@mlandgraf Ah, sorry about that - I meant Headers in the sense of the HTTP Headers, and less so the header of the JSON Web Token.

 

Not to get too deep into technical troubleshooting, but here's an example of a browser upload from a File Request link:

Screen Shot 2020-03-12 at 10.34.06 AM.png

Under the Request Headers, there's a token in the format "Authorization: Bearer <token>". One thing you could do is see if your upload request (whether it fails or succeeds) has the header formatted correctly, or if there's a subtle difference somewhere. If it does seem to match, the other thing you could do is ensure the token is valid (copy/paste it and use it in Postman or a curl from the command line, for example), but the error message does seem to suggest a formatting issue.

Highlighted
Occasional Contributor

Re: Error when uploading through webforms using Box API

Per Box support, this issue was caused by a change on their end. When requesting the access the token, the header's content type must be set like 

    var headers = {
        'Content-Type': 'application/x-www-form-urlencoded'
    };
Hopefully this fixes things for others as well!