Changing from Get to Post method of the url https://mysubdomain.zendesk.com/access/jwt

Hello,

I've tried to troubleshoot your code and come up with a few points that may help you to correct it. Please note that this is only for instructional purposes and my knowledge of SSO is limited, though I tried to give it my best.

Your current code tries to handle the entire process via a server-side cURL POST request, which won't work due to the same-origin policy and the inability to set the required authentication cookies in the user's browser, as specified in the Zendesk documentation: https://support.zendesk.com/hc/en-us/articles/4408845838874-Enabling-JWT-single-sign-on


Current Code: You are making a POST request using cURL from your server.

Updated Approach: The JWT token is sent via a hidden HTML form that gets automatically submitted on the client side.

Updated Approach (Client-Side Form Submission):

$now = time();

$token = array(
   "jti"   => md5($now . rand()),
   "iat"   => $now,
   "name"  => $name,
   "email" => $email
);

$jwt = JWT::encode($token, ZendeskJWT::$key, 'HS256');

// URL where Zendesk should redirect after successful authentication
$return_to = 'https://mysubdomain.zendesk.com';

$html = <<<EOT
<!DOCTYPE html>
<html>
<head>
   <title>Redirecting...</title>
</head>
<body>
   <form id="zendesk-sso-form" action="https://mysubdomain.zendesk.com/access/jwt" method="POST">
       <input type="hidden" name="jwt" value="{$jwt}">
       <input type="hidden" name="return_to" value="{$return_to}">
   </form>
   <script type="text/javascript">
       document.getElementById('zendesk-sso-form').submit();
   </script>
</body>
</html>
EOT;

echo $html;
exit;

By submitting the form on the client side, you adhere to Zendesk's documented requirements and ensure that the necessary cookies are set properly in the user's browser, enabling the SSO process to work as expected.