From 0d34efb10f7a20ac45f2839ea78256b35186c958 Mon Sep 17 00:00:00 2001 From: albertony <12441419+albertony@users.noreply.github.com> Date: Tue, 4 Jul 2023 17:17:22 +0200 Subject: [PATCH] box: fix reconnect failing with HTTP 400 Bad Request The error is: Error: failed to configure token with jwt authentication: jwtutil: failed making auth request: 400 Bad Request With the following additional debug information: jwtutil: Response Body: {"error":"invalid_grant","error_description":"Please check the 'aud' claim. Should be a string"} Problem is that in jwt-go the RegisteredClaims type has Audience field (aud claim) that is a list, while box apparantly expects it to be a singular string. In jwt-go v4 we currently use there is an alternative type StandardClaims which matches what box wants. Unfortunately StandardClaims is marked as deprecated, and is removed in the newer v5 version, so we this is a short term fix only. Fixes #7114 --- backend/box/box.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/backend/box/box.go b/backend/box/box.go index 57e8d4f23..e932b0762 100644 --- a/backend/box/box.go +++ b/backend/box/box.go @@ -77,7 +77,7 @@ var ( ) type boxCustomClaims struct { - jwt.RegisteredClaims + jwt.StandardClaims BoxSubType string `json:"box_sub_type,omitempty"` } @@ -208,12 +208,14 @@ func getClaims(boxConfig *api.ConfigJSON, boxSubType string) (claims *boxCustomC } claims = &boxCustomClaims{ - RegisteredClaims: jwt.RegisteredClaims{ - ID: val, + //lint:ignore SA1019 since we need to use jwt.StandardClaims even if deprecated in jwt-go v4 until a more permanent solution is ready in time before jwt-go v5 where it is removed entirely + //nolint:staticcheck // Don't include staticcheck when running golangci-lint to avoid SA1019 + StandardClaims: jwt.StandardClaims{ + Id: val, Issuer: boxConfig.BoxAppSettings.ClientID, Subject: boxConfig.EnterpriseID, - Audience: jwt.ClaimStrings{tokenURL}, - ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Second * 45)), + Audience: tokenURL, + ExpiresAt: time.Now().Add(time.Second * 45).Unix(), }, BoxSubType: boxSubType, }