Facing issue in securing sever-side app
Hi, We are working on building a server-side app to generate content for the iframe (to be shown in the sidebar). We have created a sample application so far. Now, We are trying to secure the app following this article - https://developer.zendesk.com/documentation/apps/build-an-app/building-a-server-side-app/bonus-part-secure-the-app/.
This tutorial explains adding a security feature in which Zendesk includes JWT token in the request for the initial page.
If we set `signedUrls` to true to make the app secure, it shows the following error message on the sidebar.
"name": "My Cat App",
"domainWhitelist": ["thecatapi.com", "api.thecatapi.com"],
How do we resolve this issue? Please let us know if you need any other information.
Hi Neeraj! Could you share the contents of the iframe.html, or if you're referencing from a .js file, the iframe and .js files? It looks like something in your code is returning an incorrect value or incorrect type and the signed urls portion may just be a red herring.
Hi Greg, thank you for your prompt response. I have updated the complete codebase on a Github public repo here. https://github.com/Cerebro92/zendesk-sample-app/tree/main/src
Thanks for sharing that...I'm able to reproduce this issue. It looks like we're returning a UUID instead of the installation_id of the app. I'm going to do some testing and I'll get back to you in a bit.
Hi Neeraj! I just realized what the issue is here...when testing locally, secure settings won't work. If you package and install the app, this will work.
thanks Greg! let me try deploying this application.
Greg! I just now deployed the app and it is working correctly now. I see API is called with JWT token in the request payload. thanks again!
Por favor, entrar para comentar.