We are developing an app that requires access to a 3rd party API.
We are using OAuth support for this and have configured the oauth_config.json for this.
When running the app (installed as a custom app) the login flow is executed. The login page of the 3rd party is presented and we can log in.
After that the developer console gives a “jwt is missing” error with an HTTP 401.
This error comes from the FDK client.request which executed a POST to the 3rd party API.
The access_token and refresh_token are stored because I can find them in the localStorage of the browser.
However, I believe the problem lies in the fact that the access_token has a different length or value than it is supposed to. We see values like this:
5db38b87f4bd368ba5c0197735de1fbb566e2d443b1027a1b49e372bf257be81
But when we manually test the 3rd party API using Postman and making a call to the /token endpoint we receive a JWT token which consists of 3 parts.
Could it be that the FDK does not expect a JWT response and uses only a part of the response?
See below the oauth_config.json and the POST body we use when calling the token endpoint from Postman. Data has been altered for security reasons.
oauth_config.json
{
  "client_id": "clientid",
  "client_secret": "clientsecret",
  "authorize_url": "https://3rdparty.com/authorize",
  "token_url": "https://3rdparty.com/oauth/token",
  "options": {
    "scope": "offline_access openid profile",
    "audience": "https://api.3rdparty.com/",
    "state": "login",
    "grant_type": "authorization_code"
  },
  "token_type": "agent"
}
Postman POST body when calling token endpoint “https://3rdparty.com/oauth/token”
{
  "grant_type": "authorization_code",
  "code": "mycode",
  "scope": "offline_access profile email device openid",
  "audience": "https://api.3rdparty.com/",
  "client_id": "TdV4Gvb2Jkp9OE9osJ8GT9wsrK3Pzl9X",
  "client_secret": "9gyeozU_AZCv9zf0OWOYAl5VJ8FV6JkMLDjqJJ02BN2CBxc3DYjz7EZ4FsMu-xyZ",
  "redirect_uri": "https://oauth.freshdev.io/auth/callback",
  "state": "login"
}
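The comparison described in the post (a 64-character value in localStorage versus a three-part JWT from Postman) can be checked structurally, as in this added example, which is not part of the original post and not FDK code. `classifyToken` and the helper names are hypothetical, `sampleJwt` is constructed with a placeholder signature, and nothing here verifies a signature or prints the token itself.

```javascript
// Added example: report the shape of a token without verifying it.
function b64urlDecode(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) return null;
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64, 'base64').toString('utf8');
}

function b64urlEncode(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function parseJsonObject(segment) {
  const text = b64urlDecode(segment);
  if (text === null) return null;
  try {
    const value = JSON.parse(text);
    const isObject = value && typeof value === 'object' && !Array.isArray(value);
    return isObject ? value : null;
  } catch (err) {
    return null; // segment was not base64url-encoded JSON
  }
}

function classifyToken(token) {
  if (typeof token !== 'string' || token.length === 0) return { kind: 'invalid' };
  const parts = token.split('.');
  if (parts.length === 3) {
    // Compact JWT: base64url(header).base64url(claims).signature
    const header = parseJsonObject(parts[0]);
    const claims = parseJsonObject(parts[1]);
    if (header && typeof header.alg === 'string' && claims) {
      return { kind: 'jwt', alg: header.alg, claimNames: Object.keys(claims).sort() };
    }
  }
  if (/^[0-9a-f]+$/i.test(token)) return { kind: 'opaque-hex', length: token.length };
  return { kind: 'opaque', length: token.length };
}

// Constructed sample JWT (placeholder signature, never valid anywhere).
const sampleJwt = [
  b64urlEncode(JSON.stringify({ alg: 'RS256', typ: 'JWT' })),
  b64urlEncode(JSON.stringify({ aud: 'https://api.3rdparty.com/', scope: 'openid' })),
  'c2lnbmF0dXJl'
].join('.');
// The value quoted in the post as found in localStorage.
const storedValue = '5db38b87f4bd368ba5c0197735de1fbb566e2d443b1027a1b49e372bf257be81';
console.log(classifyToken(storedValue), classifyToken(sampleJwt));
```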