Cory Waddingham

For anyone else who runs into this, the trick is that the JWT is only sent on the first request. Not any subsequent ones. So the entry point of your app, whatever is the location setting in manifest.js, has to handle the form. 

In my case I changed it so the manifest points to the backend, which does the JWT verification. It then responds with the frontend JS files that are compiled and minified, and does the actual rendering. Essentially what was originally in the iframe.html and main.js in assets for the app. 

Also, note that because the JWT is only sent once, you need to set up session management once the initial call is authed. 

I'm building an app with two parts: a React frontend for rendering the data, and a Python backend for generating it. I've been following this guide but can't get the JWT to work. According to the docs, it should be in the form data in a ‘token’ field, but there's no such field in the form data. 
 

I have “signedUrls: true” in the manifest.json. According to the docs this is all that's needed for Zednesk to add the ‘token’ field to the form data. But it's not working. Is there something else that needs to happen when building a custom frontend? Is there another option for grabbing or generating the JWT?