[Box Connector] Box Connector wrong assign on SetUseJWTAuth and GetUseJWTAuth

[Box Connector] Box Connector wrong assign on SetUseJWTAuth and GetUseJWTAuth

  
Forge Component
(6)
Published on 4 Dec (9 days ago) by OutSystems R&D
6 votes
Published on 4 Dec (9 days ago) by OutSystems R&D

Hello,

After looking at the implementation, I've noticed that on version 2.0.5 the actions SetUseJWTAuth and GetUseJWTAuth have the assigns reversed.

On the SetUseJWTAuth, instead of the Site.BoxAuthUseJWT = UseJWT, it's set as UseJWT=Site.BoxAuthUseJWT.

On the GetUseJWTAuth, instead of the UseJWT=Site.BoxAuthUseJWT, it's set as Site.BoxAuthUseJWT = UseJWT.

In both the actions the assigns are reversed, making the authentication method always pointing to OAuth, and throwing the NoBoxAuthorizationCodeException for JWT authentications because although the user tries to configure the JWT authentication method, in reality, the method returned is the OAuth.

I've also checked version 2.0.4 and the problem is not present there, this was introduced on version 2.0.5.

Could you please fix that for future releases?

Thanks in advance,

Thanks for this identifying the issue. I was also facing the same.

Thanks, 

I was stuck on this place.

Yes, same here...



For whoever it may help, I did some changes on the component that may help you:

  • Fixed this bug that João Barata reported
  • Changed support to the latest version of JWT component. If you installed a new version of JWT to use in another component it would break Box Connector. 
  • Cleaned up the JWT implementation and changed the dependency from the JWT_Core extension to the JWT module. The JWT_Core is meant to be an internal component. Using JWT module instead is easier, and in the current implementation of the token generation there were a some features implemented that were already provided out of the box by that module (like timestamp fields calculation or mandatory claims). 

I reused the forked, and already deprecated, module that Goncalo Mangana created for the initial support for JWT to publish those changes. You can use that one for now (I'm hoping these changes will get merged eventually), all the public interface is exactly the same, only the dependencies and internal logic has changed. 

Installing this one will break the old Box Connector, as that one depends on a much older version of JWT. 

https://www.outsystems.com/forge/Component_Details.aspx?ProjectId=1982

João Almeida wrote:

For whoever it may help, I did some changes on the component that may help you:

  • Fixed this bug that João Barata reported
  • Changed support to the latest version of JWT component. If you installed a new version of JWT to use in another component it would break Box Connector. 
  • Cleaned up the JWT implementation and changed the dependency from the JWT_Core extension to the JWT module. The JWT_Core is meant to be an internal component. Using JWT module instead is easier, and in the current implementation of the token generation there were a some features implemented that were already provided out of the box by that module (like timestamp fields calculation or mandatory claims). 

I reused the forked, and already deprecated, module that Goncalo Mangana created for the initial support for JWT to publish those changes. You can use that one for now (I'm hoping these changes will get merged eventually), all the public interface is exactly the same, only the dependencies and internal logic has changed. 

Installing this one will break the old Box Connector, as that one depends on a much older version of JWT. 

https://www.outsystems.com/forge/Component_Details.aspx?ProjectId=1982