Adam Cunliffe

Hi Christopher Kennedy, do you have any update on this? Is there any way of getting at logging information about why the error might have been returned?

 

Thanks

And in case you're asking about the server-side JWT generation, here's that too:

// C#

private string GenerateWebToken(byte[] keyBytes, string userEmail)
{
  var tokenHandler = new JwtSecurityTokenHandler();

  SecurityToken token = tokenHandler.CreateToken(new SecurityTokenDescriptor
  {
    Subject = new ClaimsIdentity(new[]
    {
      new Claim("name", userEmail)),
      new Claim("email", userEmail)),
      new Claim("external_id", userEmail)),
    },
    IssuedAt = DateTime.UtcNow,
    Expires = DateTime.UtcNow.AddMinutes(5),
    SigningCredentials = new SigningCredentials(
      new SymmetricSecurityKey(keyBytes),
      SecurityAlgorithms.HmacSha256Signature)
  });
  
  return tokenHandler.WriteToken(token);
}

Thanks very much for your help!

Hi,

I am having trouble getting Authentication working for the chat widget according to these instructions: https://support.zendesk.com/hc/en-us/articles/4408838925082

I have configured the chat widget to request authentication tokens, and they are indeed being requested from our API and sent on to the authentication endpoint.

However, the call to embeddable/authenticate that the widget makes after obtaining the token is always failing with status code 403 and error response:

{"error":"Forbidden","message":"Secret invalid"}

I have verified that the secret being used for JWT generation is correct, and the JWT itself looks valid when using the debugger on jwt.io. It also contains the payload specified by the above article:

At this point I'm not sure what else to try - could you provide any guidance?