Problem with JWT token, not valid kid



Posted: January 22, 2025

Hello, I have been trying to validate the entry to the Zendesk bot through the SDK on iOS, applying the JWT. What happens is that it generates the JWT and in the parameters it asks me for the secret key, which I do enter, but for the key id I don't have the slightest idea which one to use, since it has a format of "app_65165493848". When I try to validate it through pages that check whether it is signed or not, only "invalid signature" appears. I think the problem lies with the kid that it asks me to provide, but I don't know exactly where to find the one I should use.


1

8

8 comments

Greg Katechis

Zendesk Developer Advocacy

Hi Anthony! The kid and shared secret are two separate things, which is probably what's causing your issues. Take a look at this article that will show you how to get this all set up.

0


Hi Anthony,

The problem you’re facing seems to be related to the "kid" (Key ID) field in the JWT header, which is typically used to identify which key was used to sign the token. Here are some steps to help you resolve the issue:

  1. Locate the Key ID (kid):
    The "kid" is usually provided by the system or platform that issued the signing key. For Zendesk, you may need to check:
    • Your Zendesk app settings, where API credentials or signing keys are configured.
    • If you’re using a developer dashboard for the bot or SDK, look for the key details, which should include the "app_..." format you mentioned.
  2. Verify the Secret Key:
    Ensure you are using the correct secret key associated with the app or bot integration. If the key is incorrect or mismatched, the signature will not validate.
  3. Match the "kid" with the Signing Key:
    The "kid" in the JWT header must correspond to the identifier of the key being used to sign the token. Confirm that the "kid" matches the identifier of the secret key in your Zendesk configuration.
  4. Use the Correct Algorithm:
    Double-check the algorithm (e.g., HS256 or RS256) being used to sign the JWT. If the algorithm doesn’t match what Zendesk requires, the token will not validate.
  5. Test with Known Valid Data:
    To troubleshoot, try generating a JWT with known valid values for the secret key and kid. You can test the token using JWT debugging tools (like jwt.io) to ensure it is properly signed.
  6. Check Documentation or Support:
    If you’re still unsure where to find the correct "kid," refer to Zendesk’s developer documentation for the bot SDK. Alternatively, contact Zendesk support—they can provide specific guidance on how to retrieve and configure the key ID for your app.

0


Hi Greg!
Thank you for answering, but I tell you that I am clear about that, they are 2 different things and if I have the shared secret, the one that I don't know where I should obtain or generate it from is the kid, I would greatly appreciate it if you could give me an idea there.

Anthony

0


Hello Keara, I tell you that based on your observation I found the appId and the shared secret, and I invoke it in the backend that generates the JWT; however, when I validate it in jwt.io I get an invalid signature, and when I enter the app it does not authenticate the access to the bot.
I attach reference image of the appId and shared secret:

Please confirm if the data is correct, after that I attach a request for how I send the data within the jwt:
{
 "kid": "app_6797b77d86edc971e83adb08",
 "typ": "JWT",
 "alg": "HS256"
}

{
 "scope": "user",
 "name": "xxxxx",
 "external_id": "xxxxx",
 "exp": 1738001343,
 "iat": 1737997743,
 "email": "xxxxxx"
}
I still get an invalid signature, please help.

0



Greg Katechis

Zendesk Developer Advocacy

I'm not 100% clear at this point, but could you confirm that you do in fact have the full shared secret stored somewhere? If you test this on jwt.io, you will need to enter the shared secret in order to validate it and based on what you've said so far, I think that you may not have the full secret anywhere. If that's the case, I would recommend regenerating a new SDK and when you get the shared secret, you copy it down in a safe environment and then test it out. You will not be able to see the full shared secret once you are past this step.

0


Hello again Greg.

I copied the shared secret from here, from the mobile sdk:



That's correct, I have the shared secret inside the backend, which I generate through it the JWT, this backend is made in Java with Maven, I attach reference:

 String token = Jwts.builder()
         .setHeader(headers)
         .setClaims(claims)
         .setIssuedAt(new Date(currentTime * 1000))
         .setExpiration(new Date(expirationDate * 1000))
         .signWith(SignatureAlgorithm.HS256, SECRET_KEY)
         .compact();

The shared secret is stored in the SECRET_KEY parameter, and the generated token is returned; that token is what I am already trying to identify in Swift using Identify in the Zendesk instance.
Additionally, this generated token is the one that I try to validate in jwt.io, and what comes out is invalid signature. I know that what is wrong is something very obvious but I don't know what it is. I would appreciate it if you could give me a hand!

0
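Added example, not code from this thread or from Zendesk: using only the JDK, it shows that an HS256 signature depends on the exact key bytes, so the same secret string used as literal text and as Base64 gives two tokens that do not verify against each other. In jjwt, `signWith(SignatureAlgorithm, String)` takes a Base64-encoded key; assuming `SECRET_KEY` in the post above is a String (the post does not show its type), that overload signs with the decoded bytes. The secret, kid and claims below are constructed placeholders.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class Hs256KeyBytesDemo {
    static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    static byte[] hmacSha256(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    // JWS compact form: b64url(header) "." b64url(payload) "." b64url(HMAC over the first two parts)
    static String sign(String headerJson, String payloadJson, byte[] key) throws Exception {
        String signingInput = B64URL.encodeToString(headerJson.getBytes(StandardCharsets.UTF_8))
                + "." + B64URL.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + B64URL.encodeToString(hmacSha256(key, signingInput));
    }

    // Recompute the MAC with the verifier's key bytes; compare in constant time.
    static boolean verify(String jwt, byte[] key) throws Exception {
        int lastDot = jwt.lastIndexOf('.');
        if (lastDot < 0) return false;
        try {
            byte[] presented = Base64.getUrlDecoder().decode(jwt.substring(lastDot + 1));
            return MessageDigest.isEqual(hmacSha256(key, jwt.substring(0, lastDot)), presented);
        } catch (IllegalArgumentException e) {
            return false; // signature segment is not valid base64url
        }
    }

    public static void main(String[] args) throws Exception {
        String secret = "ConstructedDemoSecret123"; // constructed value, not a real shared secret
        String header = "{\"alg\":\"HS256\",\"typ\":\"JWT\",\"kid\":\"app_PLACEHOLDER\"}"; // placeholder kid
        String payload = "{\"scope\":\"user\",\"external_id\":\"constructed-user\"}";

        byte[] textKey = secret.getBytes(StandardCharsets.UTF_8); // secret used as literal text
        byte[] decodedKey = Base64.getDecoder().decode(secret);   // same string treated as Base64

        String signedWithText = sign(header, payload, textKey);
        String signedWithDecoded = sign(header, payload, decodedKey);

        System.out.println("text key    -> verified with text key: " + verify(signedWithText, textKey));
        System.out.println("decoded key -> verified with text key: " + verify(signedWithDecoded, textKey));
    }
}
```

When checking such a token in a debugger like jwt.io, the secret has to be entered in the same encoding the backend used for the key bytes.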


Greg Katechis

Zendesk Developer Advocacy

Hi Anthony, sorry for the delay here…could you let me know if regenerating the secret and using that instead of the old one has presented the same problem for you?

0

