Hi, Aditi.
You can implement it by changing the auth flow to match these steps: JWT without SDKs - Box Developer Documentation.
- Add the needed attributes to BoxApplication entity and set them on runtime;
- During the auth flow, retrieve the BoxApplication object and set JTI to a new JTI, created using “Random hash” java action;
- Edit the GetTokenServiceAcountImpl, adding the needed steps to create the JWT assertion, and make a POST to the token endpoint, passing “grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&client_id={client_id}&client_secret={client_secret}&assertion={assertion}” in the body;
It’s important that, once you get the token, all the requests you make have the “as-user” header correctly set.