Hello all. Has anyone gotten Box to authenticate properly using the API connector?
I’m attempting to authenticate over JWT using the provided method in the API connector but am running into a number of issues, most likely due to my general unfamiliarity with the authentication process. I’m using my Bubble login email address for the “Iss (account email)” field.
The API Connector would not take the private key generated in the .json downloaded from Box’s developer page. I extracted the private key from the .json configuration file, removed all the “\n” characters, tried to use it for JWT authentication, and would receive one of two errors:
and
The difference between the two errors was formatting. I would receive “no start line” until I copied the entire block into Notepad, then re-copied and pasted it back into the private key box in the API connector; then I was faced with “wrong tag”. I believe this is due to base64 vs base64URL encoding, but I’m not entirely sure.
To get past these errors, I had to create an RSA key pair manually through OpenSSL to generate a .pem file by using the following commands in CMD (taken from here):
openssl genrsa -aes256 -out private_key.pem 2048
openssl rsa -pubout -in private_key.pem -out public_key.pem
When I extracted the public/private key from the manually generated .pem files and added them to my app settings in Box, I got a new error “could not read password” when initializing the call in Bubble because OpenSSL forced me to provide a passphrase when creating the key pair, and I don’t see a way to specify that passphrase in the body of the API Connector prompt, unless I’m missing something. To remove the passphrase from the private key, I had to use the following command to basically take the private key in and output it without a passphrase.
openssl rsa -in private_key.pem -out private_key_2.pem
After extracting the private key from the newest .pem file (private_key_2.pem) I have the current error “invalid client credentials”. Unfortunately, I think recreating the key in this method broke its association with Box, causing the current error, but I could be wrong. So unless there’s a way to provide a passphrase to access the original private key generated alongside the original public key I provided to Box, I don’t see a way to authenticate over JWT unless I have a serious misunderstanding of the process (which is very possible).
Also, @emmanuel, in the API Connector under the JSON Web Token method, the box for the private key prompts to enter what’s in between the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- header/footer, but I think the exclusion of these lines is what was causing the “no start line” error. You might want to adjust your wording on that particular box to note that these header/footer lines do need to be present in the text body.
Any and all help/ideas would be hugely appreciated, I feel we’re very close to having this done but a lack of fundamental knowledge on the JWT process may mean we’re missing something simple. Thanks for taking a look.
Greg
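
An added example, not part of the original post and not Bubble's or Box's code: a small checker for the PEM problems described above (escaped newlines copied out of a .json file, missing BEGIN/END lines, a passphrase-protected key, a non-base64 body). The `privateKey` field name and all key bytes are constructed placeholders.

```python
import base64
import json
import re

# A PEM block needs its BEGIN/END markers on lines of their own.
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def diagnose_pem(text):
    """List structural problems in a pasted PEM private key (empty list = looks loadable)."""
    problems = []
    if "\\n" in text:
        problems.append("literal \\n sequences: JSON escapes were copied, not decoded")
    match = PEM_RE.search(text)
    if match is None:
        # OpenSSL reports this condition as "no start line".
        problems.append("BEGIN/END markers missing or not on their own lines")
        return problems
    label, body = match.groups()
    # PKCS#8 encrypted label, or the legacy header written by older OpenSSL.
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
        problems.append("key is passphrase-protected")
    # Drop RFC 1421 style "Name: value" header lines, keep the base64 payload.
    payload = "".join(ln.strip() for ln in body.splitlines() if ":" not in ln)
    try:
        base64.b64decode(payload, validate=True)
    except ValueError:
        problems.append("body is not standard base64")
    return problems

def make_pem(label, body=None):
    """Build a constructed PEM block; the payload is placeholder bytes, not a key."""
    if body is None:
        body = base64.encodebytes(b"constructed placeholder, not a real key. " * 3).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

# Constructed config file text; "privateKey" is a hypothetical field name.
CONFIG_TEXT = json.dumps({"privateKey": make_pem("PRIVATE KEY")})

def extraction_results():
    raw = CONFIG_TEXT.split('"')[3]                    # copied out of the file as text
    return {
        "parsed": diagnose_pem(json.loads(CONFIG_TEXT)["privateKey"]),
        "raw": diagnose_pem(raw),
        "stripped": diagnose_pem(raw.replace("\\n", "")),
    }

if __name__ == "__main__":
    for how, problems in extraction_results().items():
        print(f"{how:9} -> {problems or 'ok'}")
```

Only the value obtained by parsing the JSON keeps real line breaks; the raw copy and the copy with the “\n” sequences deleted both lose the marker lines.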