Recent searches
No recent searches
Problem with JWT token, not valid kid
Posted Jan 22, 2025
Hello, I have been trying to validate the entry to the Zendesk bot through the sdk on iOS, applying the jwt, what happens is that it generates the jwt and in the parameters it asks me for the secret key, which I do enter, but the key id I don't have the slightest idea which one is placed, since it has a format of "app_65165493848" and when I try to validate it through pages that validate if it is signed or No, only the invalid signature appears, I think the problem lies with Kid who asks me to place it, but I don't know exactly where the one I should put is.
1
7 comments
Greg Katechis
Hi Anthony! The kid and shared secret are two separate things, which is probably what's causing your issues. Take a look at this article that will show you how to get this all setup.
0
Anthony Plaza
Hi Greg!
Thank you for answering, but I tell you that I am clear about that, they are 2 different things and if I have the shared secret, the one that I don't know where I should obtain or generate it from is the kid, I would greatly appreciate it if you could give me an idea there.
Anthony
0
Anthony Plaza
Hello Keara, I tell you that based on your observation I found the appId and the shared secret, and I invoke it in the backend that generates the jwt, however valid in jwt.io I get invalid signature, and I enter the app and it does not authenticate the access to the bot.
I attach reference image of the appId and shared secret:
Please confirm if the data is correct, after that I attach a request for how I send the data within the jwt:
{
"kid": "app_6797b77d86edc971e83adb08",
"typ": "JWT",
"alg": "HS256"
}
{
"scope": "user",
"name": "xxxxx",
"external_id": "xxxxx",
"exp": 1738001343,
"iat": 1737997743,
"email": "xxxxxx"
}
I still get an invalid signature, please help.
0
Anthony Plaza
I attach reference image of the appId and shared secret:
Please confirm if the data is correct, after that I attach a request for how I send the data within the jwt:
{
"kid": "app_6797b77d86edc971e83adb08",
"typ": "JWT",
"alg": "HS256"
}
{
"scope": "user",
"name": "xxxxx",
"external_id": "xxxxx",
"exp": 1738001343,
"iat": 1737997743,
"email": "xxxxxx"
}
I still get an invalid signature, please help.
0
Greg Katechis
I'm not 100% clear at this point, but could you confirm that you do in fact have the full shared secret stored somewhere? If you test this on jwt.io, you will need to enter the shared secret in order to validate it and based on what you've said so far, I think that you may not have the full secret anywhere. If that's the case, I would recommend regenerating a new SDK and when you get the shared secret, you copy it down in a safe environment and then test it out. You will not be able to see the full shared secret once you are past this step.
0
Anthony Plaza
Hello again Greg.
I copied the shared secret from here, from the mobile sdk:
That's correct, I have the shared secret inside the backend, which I generate through it the JWT, this backend is made in Java with Maven, I attach reference:
String token = Jwts.builder()
.setHeader(headers)
.setClaims(claims)
.setIssuedAt(new Date(currentTime * 1000))
.setExpiration(new Date(expirationDate * 1000))
.signWith(SignatureAlgorithm.HS256, SECRET_KEY)
.compact();
Shared secret is stored in the SECRET_KEY parameter, and the generated token is returned, that token is what I am already trying to identify in Swift using Identify in the Zendesk instance.
Additionally, this generated token is the one that I try to validate in jwt.io and what comes out is invalid signature, I know that what is wrong is something very obvious but I don't know what it is, I would appreciate it if you could give me a hand!
0
Greg Katechis
Hi Anthony, sorry for the delay here…could you let me know if regenerating the secret and using that instead of the old one has presented the same problem for you?
0