From 9410ccb27a6b5bc1cc320b964b867f37a7f5b4aa Mon Sep 17 00:00:00 2001 From: albertony <12441419+albertony@users.noreply.github.com> Date: Tue, 4 Jul 2023 17:17:22 +0200 Subject: [PATCH] box: fix reconnect failing with HTTP 400 Bad Request The error is: Error: failed to configure token with jwt authentication: jwtutil: failed making auth request: 400 Bad Request With the following additional debug information: jwtutil: Response Body: {"error":"invalid_grant","error_description":"Please check the 'aud' claim. Should be a string"} Problem is that in jwt-go the RegisteredClaims type has Audience field (aud claim) that is a list, while box apparantly expects it to be a singular string. In jwt-go v4 we currently use there is an alternative type StandardClaims which matches what box wants. Unfortunately StandardClaims is marked as deprecated, and is removed in the newer v5 version, so we this is a short term fix only. Fixes #7114 --- backend/box/box.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/backend/box/box.go b/backend/box/box.go index 474443d39..cced1d4e2 100644 --- a/backend/box/box.go +++ b/backend/box/box.go @@ -77,7 +77,7 @@ var ( ) type boxCustomClaims struct { - jwt.RegisteredClaims + jwt.StandardClaims BoxSubType string `json:"box_sub_type,omitempty"` } @@ -206,12 +206,14 @@ func getClaims(boxConfig *api.ConfigJSON, boxSubType string) (claims *boxCustomC } claims = &boxCustomClaims{ - RegisteredClaims: jwt.RegisteredClaims{ - ID: val, + //lint:ignore SA1019 since we need to use jwt.StandardClaims even if deprecated in jwt-go v4 until a more permanent solution is ready in time before jwt-go v5 where it is removed entirely + //nolint:staticcheck // Don't include staticcheck when running golangci-lint to avoid SA1019 + StandardClaims: jwt.StandardClaims{ + Id: val, Issuer: boxConfig.BoxAppSettings.ClientID, Subject: boxConfig.EnterpriseID, - Audience: jwt.ClaimStrings{tokenURL}, - ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Second * 45)), + Audience: tokenURL, + ExpiresAt: time.Now().Add(time.Second * 45).Unix(), }, BoxSubType: boxSubType, }