JWT Authentication fails to obtain the user access token

  • May 22, 2025
  • 3 replies
  • 35 views

Hi,

I've been trying to authenticate my application to the Box APIs using JWT authentication. I've followed each and every step carefully, as stated in the Box documentation, to connect to Box using JWT to OAuth 2.0. However, while obtaining the access token, the GET request always gives me a 400 Bad Request error. Here's what I have done.

--> Created a Box application, generated a public-private RSA key pair, saved the config.json to a directory.

--> Read the json file, decrypted the private key, created JWT assertion, signed the assertion using private key.

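--> I don't get any errors until here.

The next step, to obtain the user token, always throws me an HTTP Bad Request 400 error code. The code that I'm following is:

import json
from urllib.request import urlopen
from urllib.request import Request
from urllib.parse import urlencode

# `assertion`, `config` and `authentication_url` come from the earlier steps
# (reading config.json and signing the JWT), which are not shown in this post.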
params = urlencode({
  # This specifies that we are using a JWT assertion
  # to authenticate
  'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
  # Our JWT assertion
  'assertion': assertion,
  # The OAuth 2 client ID and secret
  'client_id': config['boxAppSettings']['clientID'],
  'client_secret': config['boxAppSettings']['clientSecret']
}).encode()

# Make the request, parse the JSON,
# and extract the access token
request = Request(authentication_url, params)
response = urlopen(request).read()
access_token = json.loads(response)['access_token']

I've tried manipulating the User-Agent and Content-Type headers too, but it simply won't work. Please find below the error traceback (Python):

Traceback (most recent call last):
  File "", line 21, in
  File "c:\python\Lib\urllib\request.py", line 223, in urlopen
    return opener.open(url, data, timeout)
  File "c:\python\Lib\urllib\request.py", line 532, in open
    response = meth(req, response)
  File "c:\python\Lib\urllib\request.py", line 642, in http_response
    'http', request, response, code, msg, hdrs)
  File "c:\python\Lib\urllib\request.py", line 570, in error
    return self._call_chain(*args)
  File "c:\python\Lib\urllib\request.py", line 504, in _call_chain
    result = func(*args)
  File "c:\python\Lib\urllib\request.py", line 650, in http_error_default
    raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 400: Bad Request

Can somebody help? I'd really appreciate it. Thank you.

3 replies

Getting the same error.... were you able to resolve this one?


I had this issue when I started as well; for me the problem was that the app itself wasn't authorized yet.

I don't know if you did this or not, as it is not specified in your progress description, but it could just be the problem!

So the app needs to be authorized by the owner of the platform you are creating your app for, as explained in the following link: https://community.box.com/t5/How-to-Guides-for-Admins/Enabling-Custom-Built-Applications/ta-p/2188

And this needs to happen every single time you make changes to the app settings in your dev console.

Facing a similar error. Did anyone find the solution?

The app I am using is enterprise enabled and allows "All Users" in the settings. So I feel my app is rightly configured, yet the error 😞
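
Added example, not part of the original thread and not Box's own code: urllib raises `HTTPError` on the 400 shown in the question's traceback, and the traceback omits the response body, so this wrapper reads that body and surfaces the OAuth 2 `error` / `error_description` fields defined in RFC 6749 section 5.2. The names `TokenRequestError`, `request_access_token`, `constructed_400_opener` and the `opener` parameter are assumptions made for illustration, and the sample 400 reply is constructed.

```python
import io
import json
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen


class TokenRequestError(Exception):
    """The token endpoint rejected the request; carries its OAuth 2 error fields."""

    def __init__(self, status, error, description):
        super().__init__(f"HTTP {status}: {error}: {description}")
        self.status, self.error, self.description = status, error, description


def request_access_token(url, fields, opener=urlopen):
    """POST the form-encoded grant and return the access token.

    `opener` is a hypothetical injection point so the function can run offline.
    `fields` holds the client secret and signed assertion, so it is never
    copied into the exception or printed.
    """
    request = Request(url, urlencode(fields).encode())
    try:
        with opener(request) as response:
            return json.loads(response.read())["access_token"]
    except HTTPError as err:
        # HTTPError is file-like: the body that the traceback leaves out is
        # still readable and carries the server's error fields.
        raw = err.read().decode("utf-8", "replace")
        try:
            body = json.loads(raw)
        except ValueError:
            body = None
        if not isinstance(body, dict):
            body = {}
        raise TokenRequestError(
            err.code,
            body.get("error", "unknown_error"),
            body.get("error_description", raw[:200]),
        ) from None


def constructed_400_opener(request):
    """Stand-in for urlopen that replays a constructed (not captured) 400 reply."""
    body = b'{"error": "invalid_grant", "error_description": "constructed sample"}'
    raise HTTPError(request.full_url, 400, "Bad Request", {}, io.BytesIO(body))
```

Called with the real token URL and the same form fields as in the question, a rejected request raises `TokenRequestError` whose message contains the server's own explanation instead of the bare `HTTP Error 400: Bad Request`.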