[Box Connector] .NET error in JWT extension

[Box Connector] .NET error in JWT extension

  
Forge Component
(6)
Published on 2017-08-11 by OutSystems R&D
6 votes
Published on 2017-08-11 by OutSystems R&D

Hi,

I am testing ver.2.0.5 of the module.
I attempted to use JWT authentication in my Personal environment and encountered the following error.

Unable to cast object of type 'Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters' to type 'Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair'.
   at OutSystems.NssJWT.JwtAuth.CreateAsymmetricSigningCredentialsForSigning(String keyId, String signingAlgorithm, String privateKey, String privateKeyPassword)

I investigated the error and found that modifying JwtAuth.cs slightly will avoid the error.
My modification is attached as a patch file.

.NET code of the extension doesn not seem to be suitable for a JWT token from box app server currently.

Hi 

Problem seems on personal environment only because I am able to use it properly on my Enterprise license and it is running without any faults in Production.

Thanks and Regards,

Suraj Borade

Takasi Moriya wrote:

Hi,

I am testing ver.2.0.5 of the module.
I attempted to use JWT authentication in my Personal environment and encountered the following error.

Unable to cast object of type 'Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters' to type 'Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair'.
   at OutSystems.NssJWT.JwtAuth.CreateAsymmetricSigningCredentialsForSigning(String keyId, String signingAlgorithm, String privateKey, String privateKeyPassword)

I investigated the error and found that modifying JwtAuth.cs slightly will avoid the error.
My modification is attached as a patch file.

.NET code of the extension doesn not seem to be suitable for a JWT token from box app server currently.

Hi Takasi,

I'll take a look into your patch and apply it to the JWT extension.


Thanks for your feedback!


Suraj Borade wrote:

Problem seems on personal environment only because I am able to use it properly on my Enterprise license and it is running without any faults in Production.

Thank you for providing information.  
Hmm.. It is hard to me to image that the C# dll's behavior is different by OutSystems license type.

Takasi Moriya wrote:

.NET code of the extension doesn not seem to be suitable for a JWT token from box app server currently.

Sorry, I was confusing. The error occurred when extracting my private key by the extension (not when treating token). The private key I am using was generated by box dev console below.
Was the way to generate key wrong?

Solution

I found where is the problem.
Box dev console generates a private key with PKCS#8 format.
But JWT extension can treat PKCS#5 format only.
So my modification means supporting PKCS#8.

It is great that a future version of the extension can treat both format.

Thanks all.

Solution

Takasi Moriya wrote:

I found where is the problem.
Box dev console generates a private key with PKCS#8 format.
But JWT extension can treat PKCS#5 format only.
So my modification means supporting PKCS#8.

It is great that a future version of the extension can treat both format.

Thanks all.


Done, already available on Forge.

João Almeida wrote:

Done, already available on Forge.

Hello João,

Thank you for your quick response.
The new version of JWT module you uploaded does not seems to be compatible with JWT extension included by Box Connector application module.

Could you tell me how to use your new extension instead of JWT extension in Box Connector application module?
Or please arrange a new version of Box Connector application module which depends on your new JWT module.

Takasi Moriya wrote:

Could you tell me how to use your new extension instead of JWT extension in Box Connector application module?
Or please arrange a new version of Box Connector application module which depends on your new JWT module.


I haven't fully tested Box, but because there are no breaking changes opening BoxConnector module, refreshing dependencies and publishing the updated version and publish again should do the the trick.

If not, you can wait until the maintainers release an updated version of Box. 


João Almeida wrote:

I haven't fully tested Box, but because there are no breaking changes opening BoxConnector module, refreshing dependencies and publishing the updated version and publish again should do the the trick.

If not, you can wait until the maintainers release an updated version of Box. 

Hello João,

OK. I will wait for maintainers to release a new version of Box Connector.
I attempted to use your new module by changing dependencies and failed. And my brief investigation could not solve the problem. Actions in your new module need different arguments.


I wish the maintainers of Box Connector address this issue soon.