JWT is missing when using OAuth

We are developing an app that requires access to a 3rd party API.

We are using OAuth support for this and have configured the oauth_config.json for this.

When running the app (installed as a custom app) the login flow is executed. The login page of the 3rd party is presented and we can log in.

After that the developer console gives a “jwt is missing” error with an HTTP 401.
This error comes from the FDK client.request which executed a POST to the 3rd party API.
The access_token and refresh_token are stored because I can find them in the localStorage of the browser.

However, I believe the problem lies in the fact that the access_token has a different length or value than it is supposed to. We see values like this:
5db38b87f4bd368ba5c0197735de1fbb566e2d443b1027a1b49e372bf257be81

But when we manually test the 3rd party API using Postman and making a call to the /token endpoint we receive a JWT token which consists of 3 parts.
Could it be that the FDK does not expect a JWT response and uses only a part of the response?

See below the oauth_config.json and the POST body we use when calling the token endpoint from Postman. Data has been altered for security reasons.

oauth_config.json

{
  "client_id": "clientid",
  "client_secret": "clientsecret",
  "authorize_url": "https://3rdparty.com/authorize",
  "token_url": "https://3rdparty.com/oauth/token",
  "options": {
    "scope": "offline_access openid profile",
    "audience": "https://api.3rdparty.com/",
    "state": "login",
    "grant_type": "authorization_code"
  },
  "token_type": "agent"
}

Postman POST body when calling token endpoint “https://3rdparty.com/oauth/token”

{
    "grant_type": "authorization_code",
    "code": "mycode",
    "scope": "offline_access profile email device openid",
    "audience": "https://api.3rdparty.com/",
    "client_id": "TdV4Gvb2Jkp9OE9osJ8GT9wsrK3Pzl9X",
    "client_secret": "9gyeozU_AZCv9zf0OWOYAl5VJ8FV6JkMLDjqJJ02BN2CBxc3DYjz7EZ4FsMu-xyZ",
    "redirect_uri": "https://oauth.freshdev.io/auth/callback",
    "state": "login"
}

Freshdesk’s OAuth 2.0 flow only provides access_token. If the service you are trying to access expects an id_token, which is a JWT token, it will fail obviously. I am facing a similar issue while accessing a protected Google Cloud resource from the serverless app.

Just wondering if Freshdesk developers have any plan to allow us to use id tokens in place of access token?


@Developer-Platform.

@j.couwenberg,
Can you try with the example below?

    var getFiles = function() {
      var self = this,
        path = "/",
        // <%= access_token %> is replaced by the platform when isOAuth is true
        headers = { Authorization: "bearer <%= access_token %>" },
        reqData = { headers: headers, isOAuth: true },
        url = "https://api.onedrive.com/v1.0/drive/root:" + path + ":/children";
      client.request.get(url, reqData).then(
        function(data) {
          console.log(data);
          // var response = JSON.parse(data.response)["value"];
          // handleSuccess(response);
        },
        function(error) {
          console.log(error);
          // handleError(error);
        }
      );
    };

FYI: you can’t directly access the access_token in local storage from the app, since it is sandboxed.

Note: you need to pass the isOAuth: true in the header in order to replace the template literal

Hope it helps :slight_smile:

Thanks
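
Added example, not part of any post above and not Freshworks code: a Node.js helper that tells the opaque 64-character access_token quoted in the question apart from a three-part JWT, returning only metadata so the token itself is never logged. The names `inspectToken`, `decodeSegment` and `b64url` are assumptions of this example, and the sample JWT is constructed with a dummy signature.

```javascript
// Report the shape of a bearer token: opaque string or JWT.
// Decoding only; the signature is NOT verified here, the resource server does that.
const B64URL = /^[A-Za-z0-9_-]+$/;

function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function inspectToken(token) {
  const value = String(token).trim();
  const parts = value.split('.');
  const opaque = { kind: 'opaque', segments: parts.length, length: value.length };
  if (parts.length !== 3 || !parts.every((p) => B64URL.test(p))) return opaque;
  try {
    const header = decodeSegment(parts[0]);
    const claims = decodeSegment(parts[1]);
    if (!header || typeof header.alg !== 'string') return opaque;
    if (!claims || typeof claims !== 'object') return opaque;
    return {
      kind: 'jwt',
      alg: header.alg,
      aud: claims.aud,
      // null when the token carries no numeric exp claim
      expired: typeof claims.exp === 'number' ? claims.exp * 1000 <= Date.now() : null,
    };
  } catch (err) {
    return opaque; // three dot-separated parts, but not base64url-encoded JSON
  }
}

// Constructed sample JWT (dummy signature, exp set to 2100-01-01 UTC).
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
const sampleJwt = [
  b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({ aud: 'https://api.3rdparty.com/', exp: 4102444800 }),
  'constructed-signature',
].join('.');

// Value quoted in the question above.
const opaqueFromPost = '5db38b87f4bd368ba5c0197735de1fbb566e2d443b1027a1b49e372bf257be81';

console.log(inspectToken(opaqueFromPost)); // kind: 'opaque', one segment
console.log(inspectToken(sampleJwt));      // kind: 'jwt', with alg, aud, expired
```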