Skip to main content
Question

Getting Error on /oauth2/token when asserting JWTs: current date time must be before expiration date

  • May 21, 2025
  • 2 replies
  • 32 views
C
Forum|alt.badge.img

Often signing your first JWT on the Box Platform, you might run into a few problems. Here is one of those errors you might run into when trying to get an access token:

 

{"error":"invalid_grant","error_description":"Current date\/time MUST be before the expiration date\/time listed in the 'exp' claim"}

 

 If you find yourself experiencing this error, I would remove the timestamp from the JWT. Here is what that might look like when using a node jwt library.

 

 

var jwt = require('jsonwebtoken');

var signed_token = jwt.sign({
        iss: API_token,
        sub: ent_id,
        box_sub_type: "enterprise",
        aud: "https://api.box.com/oauth2/token",
        jti: sessionToken,
        exp: expiringTime
}, { key: privateKey, passphrase: jwt_secret }, { algorithm: 'RS256', noTimestamp: true });

The removal of the timestamp will make sure the JWT is properly signed and will most likely remove your error assuming that your expiringTime was created right.

 

I would recommend checkout my little command line tool. It can be found on GitHub.

 

    2 replies

    C
    Forum|alt.badge.img

    Thanks for sharing this !

    C
    Forum|alt.badge.img

    Could you please show a little more example code to log in with the jwt?

    I'm stuck trying this both ways, with a http-request and with the node-sdk.

    My attempts look like the following:

     

     

     

    var jwt = require('jsonwebtoken');
    var fs = require('fs');
    var base64url = require("base64url");
    var request = require('request');
    var client_id = ...
    var client_secret = ...
    // request.debug = true;
    var key = fs.readFileSync('private_key.pem'); 
    var passphrase = ...

    var exp = Math.round((Date.now()/1000))+60;

    var header = {
    "alg": "RS256",
        "typ": "JWT",
        "kid": keyID
    };
    var claims = {
    "iss": client_id,
        "sub": "removed for privacy",
        "box_sub_type": "user",
        "aud": "https://api.box.com/oauth2/token",
        "jti": "removed for privacy10111213141517",
        "exp": exp
    };

    var encodedHeader = base64url(new Buffer(JSON.stringify(header)));
    var payload = base64url(new Buffer(JSON.stringify(claims)));

    var signature = jwt.sign(encodedHeader + '.' + payload, {key: key, passphrase: passphrase}, {algorithm: 'RS256'});
    var encodedsignature = base64url(new Buffer(JSON.stringify(signature)));
    var jwt = encodedHeader + "." + payload + "." + encodedsignature; //hier befindet sich wahrscheinlich Fehler
    console.log(jwt);


    var options = {
    uri: 'https://api.box.com/oauth2/token',
        method: 'POST',
        json: true,
        headers: {'content-type': 'application/x-www-form-urlencoded'},
        // body: 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&client_id=' + client_id + '&client_secret=' + client_secret + '&assertion=' + jwt
        body: 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&client_id=' + client_id + '&client_secret=' + client_secret + '&assertion=' + jwt

    }; 

    returns:
    { error: 'invalid_grant',
     error_description: 'OpenSSL unable to verify data: error:0906D06C:PEM routines:PEM_read_bio:no start line' }



    var     jwt = require('jsonwebtoken');
    var fs = require('fs');
    var base64url = require("base64url");
    var BoxSDK = require('box-node-sdk');
    var request = require('request');
    var client_id = ...
    var client_secret = ...
    // request.debug = true;
    var key = fs.readFileSync('private_key.pem'); //converted to windows @ notepad, neccessary??
    var keyID = ...
    var passphrase = ...

    var sdk = new BoxSDK({
    clientID: client_id,
        clientSecret: client_secret,
        appAuth: {
    keyID: keyID,
            privateKey: key,
            passphrase: passphrase
        }
    });

    // Get the enterprise client, used to create and manage app user accounts
    var client = sdk.getAppAuthClient('testEnterprise', '5069122');


    client.folders.getItems('0', {fields: 'id,name'}, function (err, data) {
    console.log(err);
    });

    //returning [Error: Expired Auth: Auth code or refresh token has expired.]
     statusCode: 400] and  body: 
     { error: 'invalid_grant',
     error_description: 'Please check the \'box_sub_type\' claim.' } },
     authExpired: true }






     It would be really great if you could provide any advise to solve this problem.

    Terms & ConditionsCookie settingsAccessibility statement