JWTシングルサインオンの有効化



image avatar

Charles Nadeau

Zendesk Documentation Team

編集日時:2025年6月11日


22

0

82件のコメント

Phone number is not updated to a zendesk account even if I set it in JWT token properly WITH android messaging SDK.

0


Hi! If an end user is already signed in to my platform, is there a way to automatically authenticate with Zendesk without doing the redirect flow? Specifically I want to avoid authenticated users to go to the Zendesk dashboard and have to click on Sign In (unless they are authenticated).

My current flow is:

1. Authenticate into my platform.
2. Click on a help center link to redirect users to Zendesk.
3. User is not signed in to Zendesk, click sign in.
4. Zendesk sends users back to the platform, auth flow happens.
5. User was signed in to the platform, redirect to Zendesk after auth flow.

What I need is:

1. Authenticate into my platform.
2. Click on a help center link to redirect users to Zendesk.
3. User was authenticated into the platform so it is automatically authenticated into Zendesk without any additional action.

Thanks in advance!
 

0


This solution does not work with Chrome, since it blocks any cross origin form requests and ignores the CSP form-action rule. Has anyone been able to get it work on Chrome?

0


Thanks to 6936336842906  for your response. I am using classic ASP.NET and didn't realize I needed a solution that worked from the client side. For me the solution was returning a page similar to this where it auto submits the form and triggers the redirect.

The Zendesk-provided github sample would be applicable if the user was submitting a form where the script is written client-side.

0


Hello Team,

We are currently in the process of converting from GET to POST with the below endpoint
https://yoursubdomain.zendesk.com/access/jwt.

 

Due to our architectural constraints we cannot submit this from a form instead we are authenticating from an endpoint when the user tries to access a zendesk resource (Python).
 

we do get a 403 when I do an automatic redirect using the below code.

aiohttp.ClientSession().post(url, data=json.dumps(data), headers=headers, allow_redirects=True)


we get a 302 when the redirect is set to False
aiohttp.ClientSession().post(url, data=json.dumps(data), headers=headers, allow_redirects=False)

 

data looks like below - 

{'jwt': ‘jwt_token_generated_here’}

Does the 302 mean the user is authenticated? I dont think so since we cannot access any zendesk resources.

When i try to access a helpdesk link it hits the remote login URL set up in the zendesk admin page. (This means I was not authenticated)

 

Can you please advise.

 

Ani

 

 

 

0


Hey Zendesk team!

We are migrating from GET to POST as all here. I was able to make this work even by sending it via the following form:
 

<form method="post" action="https://{YOUR_ZENDESK_SUBDOMAIN}.zendesk.com/access/jwt?jwt={token}" />

 

Meaning, the JWT token is being sent not as a separate field but as an Action URL.

Is it something that will stop working after May 1?

Thanks for the answer!

0


Caroline Kello I haven't seen any updates from you or your team about that process of providing a workaround for posting to the endpoint through a form you suggested. Is that something you guys are going to do or not? I am sure a lot of the devs following this thread would be very interested in that solution you proposed to me.

Thanks for following up.

0


To everyone struggling with the POST request requirements, their documentation of the endpoint is not complete.

 

In their docs, they show posting JSON to the /access/jwt endpoint directly, which is actually not an option in HTML/JS as the endpoint does not allow OPTIONS requests so preflight requests will all fail.

 

The endpoint actually accepts data in the standard encoded form format. Their own examples show this. 

 

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Zendesk Login Redirect</title>
<script>
window.onload = function() {
document.getElementById('zendeskLogin').submit();
}
</script>
</head>
<body>
<form id="zendeskLogin" method="post" action="<zendesk_login_url>">
<input type="hidden" id="jwt" name="jwt", value="<token>">
<input type="hidden" id="return_to" name="return_to", value="<return_to>">
</form>
</body>
</html>

 

This is a template you can use to substitute in the `zendesk_login_url`, `return_to`, and `token` parameters and return it as HTML to be rendered which will then redirect you to the return_to parameter.

2


Hello team, 

we are moving from GET to POST for API "https://yoursubdomain.zendesk.com/access/jwt"
and i got this "<html><body>You are being <a href="myUrl">redirected</a>.</body></html>"

i think the authentication done as the technical documentation but i found when the url redirected it's returned to my app again without redirect on zendesk.

i got this redirect sequence:


https://yoursubdomain.zendesk.com/hc/en-us/restricted?return_to="myUrl"
https://yoursubdomain.zendesk.com/auth/v2/login/sso?auth_origin=114093984452%2Cfalse%2Ctrue&brand_id=114093984452&locale=en-us

 

i already allow Single sign-on (SSO) zendesk configuration.
Any help ?!

 

 

 

0


Hi Team,

Recently I have implemented the new POST request for SSO and getting an error below while hitting the API from Postman as well as through the codebase.

 
rel="canonical">
<div class="notification notification-error">
        <div class="notification-inner">
            <span class="notification-icon"></span>
            <span class="notification-text">JWT signature invalid. The signature cannot be verified, check that your tokens match</span>
            <span class="notification-dismiss"></span>
        </div>
    </div>
 
I have tried resetting the shared key. It didn't work for me.

0


サインインしてコメントを残します。