Introducing auto-generated RSA key pairs and exportable app settings
This post was written by Sanjay Padval, Associate Product Manager at Box
At Box, we’re always looking for new ways to make the process of building with Box Platform easier for developers. For any developer building with Box Platform, the first step is to authenticate your app to Box’s servers. Box offers two types of authentication: OAuth 2.0 for creating apps for users with Box accounts and JSON Web Token (JWT)-based authentication for server-to-server authentication. JWT authentication allows you to use App Users, our bespoke user model, which enable you to add Box’s cloud content management services to your apps without your users ever knowing that Box is behind the scenes.
As part of the JWT authentication process, there are many different fields that you need to hunt down to create the JWT assertion and authenticate your app to Box. Not only does this distract you from doing what you do best, it’s a frustrating process that often results in copious support tickets or a developer giving up entirely.
To remove friction for Box developers in the JWT authentication process, we’re excited to introduce a new feature in the Box Developer Console. Now, with the click of a button in the Box Developer Console, Box will automatically generate your public and private RSA keys and upload your public key to Box. Moreover, upon generating the RSA key pair, a configuration file is created and downloaded to your machine that contains all of your app’s settings (including your client_id, client_secret, enterprise_id, public_key_id, and your private key) that you need to authenticate your app to Box via JWT. You can use this file as a template to configure your app. We’ve also updated the Box Java SDK and Box .NET SDK (Box Node SDK coming soon!) to include a method that reads the configuration file, sets all the relevant authentication variables, and authenticates via JWT — all without you having to hunt for the relevant settings.
In order to take advantage of this new feature, you’ll need to update to the new Box Developer Console, which is now generally available. Once you do that, you can go through the app creation process and create an application using JWT-based authentication (found under Custom App). If you already have the new Box Developer Console enabled, you can simply create a new app to check out the new feature.