Creating a JWT using Adobe ColdFusion's built-in functions (example: base64urlEncode) does not produce a valid JWT. The resulting encoding is not what Zendesk expects. Zendesk returns "JWT format invalid".
Another clue of this situation is that the returned JWT that ColdFusion creates begins with the two characters "DQ" instead of "ey".
There are a number of JWT libraries referenced under https://github.com/zendesk/zendesk_jwt_sso_examples but none for ColdFusion.
This third-party library, however, has been used successfully in ColdFusion to build a valid JWT that Zendesk recognizes: https://github.com/bennadel/JSONWebTokens.cfc