JWT is missing when using OAuth

We are developing an app that requires access to a 3rd party API.

We are using OAuth support for this and have configured the oauth_config.json for this.

When running the app (installed a custom app) the login flow is executed. The login page of the 3rd party is presented and we can login.

After that the developer console give a “jwt is missing” error with a HTTP 401.
This error come from the FDK client.request which executed a POST to the 3rd party API.
The access_token and refresh_token is stored because I can find it in the localStorage of the browser.

However, I believe the problem lies in the fact that the access_token has a different lenght or value then it is supposed to. We see a values like this:

But when we manually test the 3rd party API using Postman and making a call to the /token endpoint we receive a JWT token which consists of 3 parts.
Could it be that the FDK does not expect a JWT response and uses only a part of the response?

See below the oauth_config.json and the POST body we use when calling the token endpoint from Postman. Data has been altered for security reasons.


  "client_id": "clientid",
  "client_secret": "clientsecret",
  "authorize_url": "https://3rdparty.com/authorize",
  "token_url": "https://3rdparty.com/oauth/token",
  "options": {
    "scope": "offline_access openid profile",
    "audience": "https://api.3rdparty.com/",
    "state": "login",
    "grant_type": "authorization_code"
  "token_type": "agent"

Postman POST body when calling token endpoint “https://3rdparty.com/oauth/token

    "grant_type": "authorization_code",
    "code": "mycode",
    "scope": "offline_access profile email device openid",
    "audience": "https://api.3rdparty.com/",
    "client_id": "TdV4Gvb2Jkp9OE9osJ8GT9wsrK3Pzl9X",
    "client_secret": "9gyeozU_AZCv9zf0OWOYAl5VJ8FV6JkMLDjqJJ02BN2CBxc3DYjz7EZ4FsMu-xyZ",
    "redirect_uri": "https://oauth.freshdev.io/auth/callback",
    "state": "login"

Freshdesk’s OAuth 2.0 flow only provides access_token. If the service you are trying to access expects a id_token, which is a JWT token, it will fail obviously. I am facing a similar issue while accessing a protected Google Cloud resource from the serverless app.

Just wondering if Freshdesk developers have any plan to allow us to use id tokens in place of access token?

1 Like


can you try with below example?

var getFiles = function() {
      var self = this,
        path = "/",
        headers = { Authorization: "bearer <%= access_token %>"},
        reqData = { headers: headers, isOAuth: true },
        url = "https://api.onedrive.com/v1.0/drive/root:" + path +
      client.request.get(url, reqData).then(
        function(data) {
          // var response = JSON.parse(data.response)["value"];
          // handleSuccess(response);
        function(error) {

FYI: you can’t access directly to access_token in local storage from the app, since it is sandboxed.

Note: you need to pass the isOAuth: true in the header in order to replace the template literal

Hope it helps :slight_smile: