I am going through the instructions given by Box on how to connect to their API using a JWT. https://docs.box.com/docs/app-auth
I have created a public and private pem key.
I have the Box pieces setup.
I am at the point where I am trying to construct the JWT.
It states there are three parts, the Header, Claims, and Signature.
I believe I have the Header and claims JSON created properly.
Constructing the JWT Assertion
Once you have created the RSA keypair and submitted the public key to Box, you can request Enterprise and User OAuth2.0 Access tokens using the JWT grant.
Every JWT assertion is composed of three components, the header, the claims, and the signature.
The header specifies the algorithm used for the JWT signature.
The claims contain the information necessary to authenticate and provide the correct token.
The signature is used to verify the identity of the application and is verified using the public key.
To construct the JWT assertion, these three components must be base64 encoded and concatenated using a “.” separator:
Format for JWT Assertion
…
Once encoded and concatenated, the JWT assertion will look like this:
Example Encoded JWT Assertion
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9eyJpc3MiOiJ2Z3.
B2bWFvaDJjZ2ZjNGRuMzFnMWx0cmlhbmdlZCIsInN1YiI.
6IjE2ODczOTQzIiwiZXhwIjoxNDI5MDM3ODYwLCJqdGkiOiJ
To do this part, the only thing I could figure out, following their instructions, is to use the NuGet module for encoding. So I used Visual Studio and created a project and added under Tool - NuGet Package Manager - NuGet Solutions:
Microsoft.Owin.Security 3.0.0
Microsoft.Owin 3.0.0
OWIN 1.0.0
Box gives this site as a general reference to help with this process, rather than just telling how it is actually done.
If someone can help me figure out how to begin to use this site, I would be grateful.
$googleCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("[path to your p12 private key]", "notasecret",[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable )
# get just the private key
$rsaPrivate = $googleCert.PrivateKey
# get a new RSA provider
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider
# copy the parameters from the private key into our new rsa provider
$rsa.ImportParameters($rsaPrivate.ExportParameters($true))
I don’t know what I am missing, but this doesn’t work. I am not sure what I am supposed to put in this spot above:
“[path to your p12 private key]”
I need help trying to pull all of this together using the private key to generate the final JWT.
It’s probably expecting the private key to be in a key file on disk. However… honestly, you should ask the blogger. I’m a PowerShell guy, not a Box guy ;).
Thanks Don, I will look through these references and see what I can pull together.
In my opinion, if I am a PowerShell Guy, which I am, I am the glue, the string or whatever else is needed because I can traverse any piece of any environment because PowerShell is just that good!!!
Always taking it to the next level. You should see all the functions I have created for the Box API, now I want to make it so no one has to use them, Jams just runs them once a month as needed.
A representative from Box is recommending one of the examples given by the creator of this Nuget package to help guide doing this in PowerShell:
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using Jose;

// claims to sign, as a string/object dictionary
var payload = new Dictionary<string, object>()
{
{ "sub", "mr.x@contoso.com" },
{ "exp", 1300819380 }
};
// load the RSA private key from a password-protected PKCS#12 (.p12) file
var privateKey = new X509Certificate2("my-key.p12", "password", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet).GetRSAPrivateKey();
// sign the claims with RS256; the result is the compact header.claims.signature JWT
string token = Jose.JWT.Encode(payload, privateKey, JwsAlgorithm.RS256);
The question is, did I need to create the package above to be utilized in PowerShell, or is there a better way? And how do I put the NuGet package to use and create the JWT signature in PowerShell? Is any of what I have done above useful?
$payload = New-Object ‘System.Collections.Generic.Dictionary[[string].[System.Collections.Generic.List[string]]]’
New-Object : Cannot find type [System.Collections.Generic.Dictionary[[string].[System.Collections.Generic.List[string]]]]: verify that the assembly containing this type is loaded.
At line:1 char:12
Right now, this seems to be the part that has me fooled. I can’t seem to get this method to work. I have tried creating this PEM cert with password and without. I have tried putting the path in quotes in the bracket, setting the type string and system.string to a variable, I tried putting the raw data in a variable, and the method doesn’t seem to work.
I used a Linux server and these commands one time to create the certs:
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
openssl rsa -pubout -in private_key.pem -out public_key.pem
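The assertion format quoted from the Box docs earlier in this thread (header, claims and signature, each base64url-encoded and joined with "."), together with the PEM key produced by the openssl commands above, as one added PowerShell example. This is not code from the original thread, from Box, or from the jose-jwt package. It assumes PowerShell 7.1 or later (.NET 5+), where System.Security.Cryptography.RSA has ImportFromPem, so the PKCS#8 file from openssl genpkey loads directly and no X509Certificate2/.p12 detour is needed; Windows PowerShell 5.1 lacks that method. The function names, parameter names and placeholder IDs are mine. The claim names (iss, sub, box_sub_type, aud, jti, exp) and the optional kid header follow Box's JWT grant; the lifetime defaults to 45 seconds because Box rejects an exp more than 60 seconds in the future, which also limits how long a leaked assertion stays usable.

```powershell
#Requires -Version 7.1
# Added example (not from the thread or from Box): build and RS256-sign a Box JWT
# assertion in PowerShell with no external modules. Assumes PowerShell 7.1+ (.NET 5+)
# for [System.Security.Cryptography.RSA]::ImportFromPem.

function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    # JWT segments use base64url without '=' padding (RFC 7515)
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function New-BoxJwtAssertion {
    param(
        [Parameter(Mandatory)][string]$PrivateKeyPath,   # private_key.pem from "openssl genpkey"
        [Parameter(Mandatory)][string]$ClientId,         # Box app client ID -> iss
        [Parameter(Mandatory)][string]$SubjectId,        # enterprise ID or user ID -> sub
        [ValidateSet('enterprise', 'user')][string]$SubjectType = 'enterprise',
        [string]$KeyId,                                  # optional public key ID -> kid header
        [string]$Audience = 'https://api.box.com/oauth2/token',
        [int]$LifetimeSeconds = 45                       # Box caps exp at 60 s from now
    )

    # [ordered] keeps the JSON field order deterministic
    $header = [ordered]@{ alg = 'RS256'; typ = 'JWT' }
    if ($KeyId) { $header['kid'] = $KeyId }
    $claims = [ordered]@{
        iss          = $ClientId
        sub          = $SubjectId
        box_sub_type = $SubjectType
        aud          = $Audience
        jti          = [guid]::NewGuid().ToString('N')   # unique per assertion (32 hex chars)
        exp          = [DateTimeOffset]::UtcNow.AddSeconds($LifetimeSeconds).ToUnixTimeSeconds()
    }

    $enc = [System.Text.Encoding]::UTF8
    $headerB64 = ConvertTo-Base64Url ($enc.GetBytes(($header | ConvertTo-Json -Compress)))
    $claimsB64 = ConvertTo-Base64Url ($enc.GetBytes(($claims | ConvertTo-Json -Compress)))
    $signingInput = "$headerB64.$claimsB64"

    $rsa = [System.Security.Cryptography.RSA]::Create()
    try {
        # accepts "BEGIN PRIVATE KEY" (PKCS#8, what openssl genpkey writes) and "BEGIN RSA PRIVATE KEY" (PKCS#1)
        $rsa.ImportFromPem((Get-Content -Path $PrivateKeyPath -Raw))
        # RS256 = RSASSA-PKCS1-v1_5 over SHA-256 of the signing input
        $sig = $rsa.SignData(
            $enc.GetBytes($signingInput),
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    }
    finally { $rsa.Dispose() }

    "$signingInput.$(ConvertTo-Base64Url $sig)"
}

function Test-JwtSignature {
    # Verify the RS256 signature with public_key.pem (from "openssl rsa -pubout"),
    # i.e. the same check the receiving side performs with the public key.
    param([Parameter(Mandatory)][string]$Jwt, [Parameter(Mandatory)][string]$PublicKeyPath)
    $h, $c, $s = $Jwt.Split('.')
    # undo base64url: restore '+' '/' and the '=' padding
    $sigB64 = $s.Replace('-', '+').Replace('_', '/')
    $sigB64 += '=' * ((4 - $sigB64.Length % 4) % 4)
    $rsa = [System.Security.Cryptography.RSA]::Create()
    try {
        $rsa.ImportFromPem((Get-Content -Path $PublicKeyPath -Raw))
        $rsa.VerifyData(
            [System.Text.Encoding]::UTF8.GetBytes("$h.$c"),
            [Convert]::FromBase64String($sigB64),
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    }
    finally { $rsa.Dispose() }
}

# Usage (paths and IDs are placeholders):
# $jwt = New-BoxJwtAssertion -PrivateKeyPath .\private_key.pem -ClientId '<client id>' -SubjectId '<enterprise id>'
# Test-JwtSignature -Jwt $jwt -PublicKeyPath .\public_key.pem    # True when the key pair matches
```

Test-JwtSignature is there as a local check: if it returns False, the private and public PEM files are not a pair or the file was altered, which is worth ruling out before blaming the Box token endpoint. The assertion is then posted to the aud URL as the JWT grant to obtain the access token; that exchange is not shown here.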
I just started on a PowerShell Box.com upload script that needs to use JWT. I was originally going to go down the same path as you and try to construct the JWT assertion using PowerShell, but then realized it was fairly complex to generate. I then was looking at just installing the .NET SDK and attempting to call that from PowerShell. If I followed your post correctly, it looks like you pulled from the jwt.io libraries and compiled a DLL.
Is there a reason you didn’t use the Box .Net sdk?
Did you figure out the issue with reading the private key in?
Sorry for the slow response. I have been pulled away from this for a bit, but I still need to work this out. Bruce Payette reached out and said that it was a formatting issue, which is why I am unable to read the cert. He gave this as a reference: .net - how to get private key from PEM file? - Stack Overflow
I have gone in a couple of different directions, which pull in the DLL libraries, and I guess I chose jwt.io because that is what one of Box’s employees had used in his non-PowerShell script. I am hoping to be able to spend some time on this over the next 3 to 5 days. I will need to get my head back into it, which will probably take 4 hours.
Box has also reached out to me and says they are going to work out the code in .NET soon.
I found this post while searching for a native PowerShell solution for generating JWTs and came up fairly empty, since most of the code people posted required external libraries. I wrote a function pulling some info from here and there, using i255d’s code as a good seed. I figured I should post it here as well for anyone else searching in the future.
The code works for my purposes and should be fairly simple to expand upon if you need additional claim types added.
I know that this is quite an old post, but for those who are trying to automate Box using PowerShell, you can actually import the Box Windows SDK into PowerShell, which makes the whole process a lot easier. Please see the post below, which I posted on the box.com forums, detailing the process and providing examples: