Closed potter-potter closed 1 year ago
Hi @potter-potter It looks like it may be caused by https://support.box.com/hc/en-us/community/posts/15257013694995-JWT-authentication-Please-check-the-sub-claim-The-sub-specified-is-invalid-. You may want to check that the enterprise ID is set to 0 in the config file.
AFAIK recently some account capabilities have been restricted for free accounts - https://support.box.com/hc/en-us/community/posts/16310194663315-Free-developer-accounts-PLEASE-READ. If you are affected by this, the best solution would probably be to get a sandbox if you are working for a client with an enterprise ID, or try to switch to OAuth.
This looks very similar to this issue reported a few months ago. Was there a solution or still in progress?
Unfortunately we don't have a solution for this at the moment.
See if any of the workarounds described here work for you.
We are sorry for this situation and understand the high impact this may cause.
I'm closing this issue because it's not caused by the SDK itself. Please use the workaround provided by @barduinor.
Description of the Issue
I cannot get JWT to work. I have tried so many times. I keep getting:
boxsdk.exception.BoxAPIException: Message: Please check the 'sub' claim. The 'sub' specified is invalid.
Steps to Reproduce
I don't have an enterprise account. I just have a free account. But I'm developing for a service that will connect to Box to download files and process them.
I have tried this several times in several different ways. But this is the simplest test:
I was successful with the Developer token with the developer code. But the end product will use JWT/OAuth.
Expected Behavior
Expected to get the authentication.
Error Message, Including Stack Trace
"POST https://api.box.com/oauth2/token" 400 109 {'Date': 'Sat, 01 Jul 2023 02:02:07 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Strict-Transport-Security': 'max-age=31536000', 'Set-Cookie': 'box_visitor_id=#######; expires=Mon, 01-Jul-2024 02:02:07 GMT; Max-Age=31622400; path=/; domain=.box.com; secure; SameSite=None, bv=OPS-46278; expires=Sat, 08-Jul-2023 02:02:07 GMT; Max-Age=604800; path=/; domain=.app.box.com; secure, cn=62; expires=Mon, 01-Jul-2024 02:02:07 GMT; Max-Age=31622400; path=/; domain=.app.box.com; secure, site_preference=desktop; path=/; domain=.box.com; secure', 'Cache-Control': 'no-store', 'Via': '1.1 google', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000'} {'error': 'invalid_grant', 'error_description': "Please check the 'sub' claim. The 'sub' specified is " 'invalid.'}
Traceback (most recent call last):
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/auth/oauth2.py", line 284, in _execute_token_request
self._check_closed()
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/session/session.py", line 138, in request
response = self._prepare_and_send_request(method, url, **kwargs)
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/session/session.py", line 362, in _prepare_and_send_request
self._raise_on_unsuccessful_request(network_response, request, raised_exception)
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/session/session.py", line 271, in _raise_on_unsuccessful_request
raise BoxAPIException(
boxsdk.exception.BoxAPIException: Message: Please check the 'sub' claim. The 'sub' specified is invalid.
Status: 400
Code: invalid_grant
Request ID: None
Headers: {'Date': 'Sat, 01 Jul 2023 02:02:07 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Strict-Transport-Security': 'max-age=31536000', 'Set-Cookie': 'box_visitor_id=#######; expires=Mon, 01-Jul-2024 02:02:07 GMT; Max-Age=31622400; path=/; domain=.box.com; secure; SameSite=None, bv=OPS-46278; expires=Sat, 08-Jul-2023 02:02:07 GMT; Max-Age=604800; path=/; domain=.app.box.com; secure, cn=62; expires=Mon, 01-Jul-2024 02:02:07 GMT; Max-Age=31622400; path=/; domain=.app.box.com; secure, site_preference=desktop; path=/; domain=.box.com; secure', 'Cache-Control': 'no-store', 'Via': '1.1 google', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000'}
URL: https://api.box.com/oauth2/token
Method: POST
Context Info: None
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "test.py", line 7, in <module>
service_account = client.user().get()
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/util/api_call_decorator.py", line 63, in __call__
return method(*args, **kwargs)
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/object/base_object.py", line 70, in get
box_response = self._session.get(url, params=params, headers=headers)
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/session/session.py", line 92, in get
return self.request('GET', url, **kwargs)
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/session/session.py", line 138, in request
response = self._prepare_and_send_request(method, url, **kwargs)
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/session/session.py", line 335, in _prepare_and_send_request
network_response = self._send_request(request, **kwargs)
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/session/session.py", line 564, in _send_request
access_token = self._renew_session(None)
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/session/session.py", line 512, in _renew_session
new_access_token, _ = self._oauth.refresh(access_token_used)
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/auth/oauth2.py", line 221, in refresh
access_token, refresh_token = self._refresh(access_token_to_refresh)
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/auth/server_auth.py", line 39, in _refresh
new_access_token = self.authenticate_instance()
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/auth/server_auth.py", line 102, in authenticate_instance
return self._authenticate(self._enterprise_id, self.ENTERPRISE_SUBJECT_TYPE)
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/auth/server_auth.py", line 137, in _authenticate
raise ex
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/auth/server_auth.py", line 123, in _authenticate
return self._fetch_access_token(subject_id, subject_type, date)
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/auth/jwt_auth.py", line 183, in _fetch_access_token
return self.send_token_request(data, access_token=None, expect_refresh_token=False)[0]
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/auth/oauth2.py", line 351, in send_token_request
token_response = self._execute_token_request(data, access_token, expect_refresh_token)
File "/Users/#######/Documents/temp/box_test/box-python-sdk-ff19bc36bc47c7a0c929e73d33fc8f4b38450517/boxsdk/auth/oauth2.py", line 284, in _execute_token_request
self._check_closed()
boxsdk.exception.BoxOAuthException:
Message: Please check the 'sub' claim. The 'sub' specified is invalid.
Status: 400
URL: https://api.box.com/oauth2/token
Method: POST
Headers: {'Date': 'Sat, 01 Jul 2023 02:02:07 GMT', 'Content-Type': 'application/json', 'Transfer-Encoding': 'chunked', 'Strict-Transport-Security': 'max-age=31536000', 'Set-Cookie': 'box_visitor_id=#######; expires=Mon, 01-Jul-2024 02:02:07 GMT; Max-Age=31622400; path=/; domain=.box.com; secure; SameSite=None, bv=OPS-46278; expires=Sat, 08-Jul-2023 02:02:07 GMT; Max-Age=604800; path=/; domain=.app.box.com; secure, cn=62; expires=Mon, 01-Jul-2024 02:02:07 GMT; Max-Age=31622400; path=/; domain=.app.box.com; secure, site_preference=desktop; path=/; domain=.box.com; secure', 'Cache-Control': 'no-store', 'Via': '1.1 google', 'Alt-Svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000'}
Screenshots
Versions Used
Python SDK: 3.7.2 (latest) Python: Python 3.8.15
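A preflight check for the config-file suggestion made in the replies, added here as an example and not code from the Box SDK or from anyone in the thread: it shows the `sub` claim an enterprise JWT grant would carry and flags an `enterpriseID` of 0 before any request is sent. The config-file layout, the claim names and the 30-second lifetime are assumptions, and the sample config is constructed.

```python
import json
import time
import uuid
from typing import List, Optional

TOKEN_URL = "https://api.box.com/oauth2/token"  # endpoint from the error output

# Constructed sample in the assumed layout of a Box JWT app config file.
SAMPLE = json.loads("""{
  "boxAppSettings": {
    "clientID": "example-client-id", "clientSecret": "example-secret",
    "appAuth": {"publicKeyID": "examplekid", "privateKey": "<PEM placeholder>",
                "passphrase": "<placeholder>"}
  },
  "enterpriseID": "0"
}""")


def enterprise_claims(config: dict, now: Optional[float] = None) -> dict:
    """Claim set a JWT grant for the enterprise subject would carry."""
    issued = int(time.time() if now is None else now)
    return {
        "iss": config["boxAppSettings"]["clientID"],
        "sub": str(config.get("enterpriseID", "")),  # the claim the API rejects
        "box_sub_type": "enterprise",
        "aud": TOKEN_URL,
        "jti": uuid.uuid4().hex,
        "exp": issued + 30,  # assumed short lifetime for the assertion
    }


def diagnose_sub(config: dict) -> List[str]:
    """Findings about the `sub` value this config would send."""
    findings = []
    sub = str(config.get("enterpriseID", "")).strip()
    if not sub:
        findings.append("enterpriseID is missing or empty")
    elif sub == "0":
        findings.append("enterpriseID is 0, the value the thread says to check for")
    elif not sub.isdigit():
        findings.append("enterpriseID is not numeric: %r" % sub)
    app_auth = config.get("boxAppSettings", {}).get("appAuth", {})
    for key in ("publicKeyID", "privateKey", "passphrase"):
        if not app_auth.get(key):
            findings.append("boxAppSettings.appAuth.%s is empty" % key)
    return findings


if __name__ == "__main__":
    print(json.dumps(enterprise_claims(SAMPLE), indent=2))
    print(diagnose_sub(SAMPLE))
```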