Python Box-SDK JWT Exp calculation off?

Question

I'm using the Box API's and trying to integrate using the Box SDK but am running into errors authenticating. For some reason my JWT auth keeps failing and I run into this:

    BoxOAuthException: 
    Message: {"error":"invalid_grant","error_description":"Current date\/time MUST be before the expiration date\/time listed in the 'exp' claim"}
    Status: 400
    URL: https://api.box.com/oauth2/token
    Method: POST

The command I'm running is:

   access_token = auth.authenticate_instance()

score 0 · Answer 1 · answered May 04 '16 at 22:41

Just remove the the timestamp. Here is what my code looked like for JWT with box using a JavaScript JWT library.

var token = jwt.sign({
    iss: tokenAPI,
    sub: enterpriseID,
    box_sub_type: "enterprise",
    aud: "https://api.box.com/oauth2/token",
    jti: sessionToken,
    exp: expiringTime
}, { key: privateKey, passphrase: secret }, { algorithm: 'RS256', noTimestamp: true });

Hopefully that helps.

score 0 · Answer 2 · answered May 19 '16 at 00:56

I'll explain why you are seeing this error, and then how to fix it.

When the Box Python SDK generates a request for the access token, it uses the current UTC time as part of this request. If the Unix time on your local machine and the Box server are out of sync, you will see the exp claim error.

To fix this error, update the Unix time on your machine to match the Unix time from this site. Then retry your request to generate the access token.

Python Box-SDK JWT Exp calculation off?

2 Answers2