Box Python SDK for Developer/Enterprise: Clarifying JWT Authentication

Question

https://github.com/box/box-python-sdk/blob/1b2d19662e904a2cc850dab2c66ee122c3b3e20e/README.rst#get-the-authorization-url states:

auth = JWTAuth(
     client_id='YOUR_CLIENT_ID',
     client_secret='YOUR_CLIENT_SECRET',
     enterprise_id='YOUR_ENTERPRISE_ID',
     jwt_key_id='YOUR_JWT_KEY_ID',
     rsa_private_key_file_sys_path='CERT.PEM',
     store_tokens=your_store_tokens_callback_method,
     )

The first 3 arguments are self-explanatory.

4: jwt_key_id : where does this come from? Is this the same thing as the public key id that goes in the JWT header? A similar question (Authenticate with Box Developer Edition using box-python-sdk) doesn't list this argument.

5: I have a path to the private key file; when I run this script it returns an error, Password was not given but private key is encrypted. A community answer here https://community.box.com/t5/Box-Developer-Forum/Setting-password-for-private-key-when-using-JWTAuth-via-box/td-p/19407 suggests the need for another parameter, so I've added: rsa_private_key_passphrase = 'my_passphrase' as another argument to JWTAuth. Is this correct?

6: The store_tokens argument looks optional, so I'm assuming I can put store_tokens=None without kittens dying, right?

Answer 1

4: You are correct in that jwt_key_id is the same as the 8 characters long Public Key ID found in your application's configuration settings.

5: For the rsa_private_key_file_sys_path you have to enter the absolute path to the private_key.pem file.

6: Yes, store_tokens is not mandatory and you can remove that. Instead, replace it with rsa_private_key_passphrase which is needed for JWT Authentication.

IMPORTANT: rsa_private_key_passphrase must be in bytes so make sure the format is rsa_private_key_passphrase = b'my_passphrase'.

Hopefully, that clears things up.