Undocumented error when requesting a token

SOLVED
Occasional Contributor

I am following this document, but making the request in bash:

https://developer.box.com/guides/authentication/jwt/without-sdk/

The error I receive is:

{"error":"invalid_grant","error_description":"Empty algorithm"}

This error is not documented (I looked here: https://developer.box.com/guides/api-calls/permissions-and-errors/common-errors/).

Here is my bash script, which generates the assertion and makes the request to get the access token:

https://github.com/BarakBD-Globality/box-oauth-uploader/blob/request-token-using-private-key/jwt-enc...

Please help.

3 REPLIES
Occasional Contributor

Re: Undocumented error when requesting a token

@barakbd1 my gut feeling is that the JWT header is lacking a value for "alg" but you seem to be setting one. Can you do a check and log the complete header before you encode the JWT? My guess is the header algorithm is empty.

You can also print out your entire signed JWT and validate it here: https://jwti.io

Occasional Contributor

Re: Undocumented error when requesting a token

I checked in jwt.io.

The header and payload decode fine, and the header shows:

{
  "algorithm": "RS512",
  "keyid": "Public_Key_Id"
}

It is the signature that is failing, I am just not sure why.

I am signing as follows:

sha256_sign()
{
  declare input=${1:-$(</dev/stdin)}
  # -sha256 with an RSA key produces an RS256 signature, so the declared header algorithm has to match
  printf '%s' "${input}" | openssl dgst -binary -sha256 -sign private-key -passin "pass:${PASSPHRASE}"
}

signature=$(echo "${header_base64}.${payload_base64}" | sha256_sign | base64_encode)

I am not concerned with the base64_encode function, since the JWT decodes fine.

Occasional Contributor

Re: Undocumented error when requesting a token

I think I found the error.

I set the header key as algorithm instead of alg.

The reason I did this is because this is the key in the Box docs - https://developer.box.com/guides/authentication/jwt/without-sdk/

I assume the SDKs convert to the correct key.
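
Added example, not part of the thread or of Box's documentation: the JWS header parameter names defined in RFC 7515 are `alg`, `kid` and `typ`, and this sketch refuses to sign a header that lacks `alg`, the condition behind the "Empty algorithm" response above. It also derives the openssl digest from the declared `alg` (RS512 is RSA PKCS#1 v1.5 with SHA-512), so the header and the signature cannot disagree. The key, claims and function names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example with constructed values; needs base64 (coreutils) and the openssl CLI.
set -eu
# base64url without padding, the encoding JWS (RFC 7515) uses for every segment
b64url() { base64 | tr -d '\n=' | tr '+/' '-_'; }
b64url_decode() {
  local s; s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | base64 -d
}

# Print the "alg" value from a token's header; prints nothing when the key is absent.
jwt_alg() {
  b64url_decode "${1%%.*}" | sed -n 's/.*"alg"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# The openssl digest has to match the declared alg (RS512 means SHA-512).
digest_for_alg() {
  case "$1" in RS256) echo sha256 ;; RS384) echo sha384 ;; RS512) echo sha512 ;; *) return 1 ;; esac
}

# sign_jwt <header_json> <claims_json> <private_key_pem>; refuses a header without "alg"
sign_jwt() {
  local h p dgst sig
  h=$(printf '%s' "$1" | b64url); p=$(printf '%s' "$2" | b64url)
  dgst=$(digest_for_alg "$(jwt_alg "$h")") || { echo 'header has no supported "alg"' >&2; return 1; }
  sig=$(printf '%s' "$h.$p" | openssl dgst -binary "-$dgst" -sign "$3" | b64url)
  [ -n "$sig" ] || return 1
  printf '%s.%s.%s\n' "$h" "$p" "$sig"
}

# verify_jwt <token> <public_key_pem>; returns 0 only when the signature verifies
verify_jwt() {
  local dgst sigfile rc=0
  dgst=$(digest_for_alg "$(jwt_alg "$1")") || return 1
  sigfile=$(mktemp); b64url_decode "${1##*.}" >"$sigfile"
  printf '%s' "${1%.*}" | openssl dgst "-$dgst" -verify "$2" -signature "$sigfile" >/dev/null 2>&1 || rc=1
  rm -f "$sigfile"; return "$rc"
}

# Demo: throwaway unencrypted key and placeholder claims (all constructed).
KEY=$(mktemp); PUB=$(mktemp)
openssl genrsa -out "$KEY" 2048 2>/dev/null
openssl rsa -in "$KEY" -pubout -out "$PUB" 2>/dev/null
GOOD='{"alg":"RS512","typ":"JWT","kid":"Public_Key_Id"}'
BAD='{"algorithm":"RS512","keyid":"Public_Key_Id"}'
CLAIMS='{"iss":"client-id-placeholder","sub":"enterprise-id-placeholder"}'
token=$(sign_jwt "$GOOD" "$CLAIMS" "$KEY") && verify_jwt "$token" "$PUB" && echo "ok: alg=$(jwt_alg "$token")"
sign_jwt "$BAD" "$CLAIMS" "$KEY" 2>/dev/null || echo "refused: header has no alg"
```

A header that decodes cleanly in a JWT viewer can still be missing `alg`; checking for the exact key before signing catches that locally instead of at the token endpoint.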