I'm getting this response when calling the /token operation with a JWT on the Box OAuth 2 API:
"error_description": "Please check the 'iss' claim."
I've checked and double-check the value of the iss claim in the JWT which is defined as this at https://box-content.readme.io/docs/app-auth:
iss = The API key of the service that created the JWT assertion.
No matter what I've tried I get this error.
This occurred after setting the App's API key for Custom Applications in the "business Settings" -> Apps configuration for my account.
Can anyone point me in the right direction?
I believe the
Api Key is identical to the
client_id. Find it at
https://app.box.com/developers/services/edit/<your_id_here>. Are you using the correct key and id?
Thanks to srt32 I was able to use the utility at jwt.io to realise that I was calling JSON.stringyfy when I shouldn't have. it was adding double quotes around by string which caused them to be escaped with a backslash.