Setup with JWT
Setup with JWT
A Custom App can be set up to use server-side authentication with JWT.
Learn how JWT authentication works
To set up a Custom App using JWT authentication you will need to pass the following requirements.
- You need to be a be able to access the Developer Console for your enterprise, or sign up for a developer account.
Head over to the Developer Console and select "Create New App".
Select the "Custom App" option from the list of application types and select "Next".
On the next screen, select "OAuth 2.0 with JWT (Server Authentication)" and select "Next".
Finally, provide a unique name for your application. This name needs to be unique across all applications on Box.
JWT authentication work through a public/private RSA keypair. This keypair can be generated on the developer console, or alternatively the developer can provide their own public key.
After a Custom App has been created to use JWT authentication, there is an option available in the Developer Console to have Box create a configuration file. This file will include the keypair as well as a number of other application details that are used used during authentication.
Click on the "Configuration" option from the left sidebar in your application and scroll down to the "Add and Manage Public Keys" section.
Click the "Generate a Public/Private Keypair" button to have Box generate a keypair. This will trigger the download of a JSON configuration file that you can move to your application code.
An alternative to having Box generate the public/private keypair is to manually generate a keypair and upload the public key to the Box developer console.
To create the keypair using OpenSSL, open a terminal window and run the following commands.
openssl genrsa -des3 -out private.pem 2048 openssl rsa -in private.pem -outform PEM -pubout -out public.pem
Next, head over to your application in the developer console and select the"Configuration" link from the left sidebar in your application and scroll down to the "Add and Manage Public Keys" section.
Click the "Add a Public Key" button to have Box upload the public key you created before.
Once a keypair has been added to the application it will need to be authorized within the Box enterprise by the enterprise Admin User.
Head over to your application in the developer console and select the "General" link from the left sidebar in your application and scroll down to the "App Authorization" section.
This will send an email to your enterprise admin to have them enable your application. More information on this process is available in our community article on app authorization.
When the application's scopes or access level change the application needs to be re-authorized. Repeat the process above and request a new Access Token for the new changes to take effect.
Before the application can be used, some basic additional configuration might be required.
By default the application will will only be able to work with its own data and the data of any App Users that it creates. To also work with existing Managed Users in the entire enterprise the application needs to be enabled for "Enterprise Access".
These options define what permissions your application has to access data. See the scopes guide for detailed information on each option.
Fill in the full URI(s) of the domains that should be enabled in your application to make these kind of requests. If all requests will be made from server-side code, this section may be left blank.