Error when using "Box" Plug-ins

Question

Dear anyone, 
 I am currently trying to execute Box API that uses JWT, 
 But the following issue occurred when executing the Box API to obtain an access token. 
 If someone else has sent about the same issue and it has been resolved, 
 or alternative solutions you may suggest would be highly appreciated . 
 
 [Error details]　 *This is written in the body of the HTTP response. 
 "{"error":"invalid_grant","error_description":"Please check the 'box_sub_type' claim. The value for 'box_sub_type' is invalid"}" 
 
 [ Procedure] 
 1. Obtain a JWT using the createtoken() function of the &ldquo;Box&rdquo; Plug-ins. 
 2 . Execute the Box API to obtain Box's Access Token. *An error occurs here. 
 
 [Already Confirmed] 
 1.Applications created in Box have been approved by the Box administrator. 
 2.'box_sub_type' and 'sub' classifications must match. 
 
 Thank you very much in advance for your assistance. 
 Best regards, 
 
 ・ HTTP Responese 
 
 ・ Component of Procedure 1 (ExpressionRule) 
 
 ・ Component of Procedure 2 (Integration Object)

The "URL" is the Box API endpoint for obtaining an access token.

Harsha Sharma · Answer

The error indicates an issue with the 'sub' claim in the JWT payload, specifically related to the 'box_sub_type' parameter. The 'box_sub_type' must be correctly set to either "user" or "enterprise". If it's set to "user", the 'sub' claim must be a valid Box user ID. If it's set to "enterprise", the 'sub' claim must be a valid Box enterprise ID. To resolve this, verify that the 'box_sub_type' value is correct (either "user" or "enterprise") and that the corresponding 'sub' claim value is a valid Box ID for that type. 
 So just confirm if the 'box_sub_type' is 'enterprise' for 'sub' to have an enterprise id (line 7 in your expression rule) else you will need to adjust these two parameters to complement each other.

Varun Teja Gurrapu · Answer

Hi shuheit4632 , 
 If Appian's createtoken() doesn't let you set box_sub_type : Use custom HTTP integration in Appian with a manually crafted JWT (you can use an external system like Node.js, or a small Java module) or raise a support request to Appian for plugin customization or use [Appian RPA] to script the JWT externally and fetch the token. The "sub" claim in the JWT should always be a Box ID , and depending on box_sub_type , be either a user ID or enterprise ID. follow the below steps, try with them:

Log into the Box Developer Console , locate both User IDs and Enterprise IDs .

Update your Appian integration or RPA logic to use proper matching values.

Re-run the createtoken() or your custom HTTP call.

Steven Miccile · Answer

You can always try analyzing what your JWT output looks like within jwt.io 
 A common issue I see with developers calling plugin functions is that they require arguments to be passed in the correct order and do not honor keywords: 
 https://docs.appian.com/suite/help/25.1/passing-arguments.html#by-position 
 For example, I believe createtoken() expects the custom claims as the 4th position and your screenshot has it 8th.