We have enabled JWT SSO in our account for our users to log in the developers portal and implemented our side of it. Users are successfully sent to our Website to authenticate, but the problem is that every time we redirect back to Freshdesk with the token and the state in the URL we always get an authorization error saying the state or nonce was not passed but it has.
After successful login we redirect users to: https://ourcompany.freshworks.com/sp/OIDC/XXX/implicit?state=XXX&id_token=XXX where the URL is the one provided in the redirect URL at the freshworks security settings, state is the state passed to our app through the query URL form freshworks and id_token is the JWT generated according to the docs. We’ve verified the state matches the one received, and we have validated the token with the signature set in the security setting and we’ve verified it includes the nonce received, so at this point we have no clue of what we might be doing wrong.
I believe we would need to understand your problem better before finding a way to help you.
When you say “developers portal,” can you please expand on what portal you are referring to, with perhaps a URL of the same?
Could you share briefly how you have enabled JWT SSO for your account - maybe a screenshot might help? Also, is this “account” you refer to your Freshdesk account?
Does the JWT SSO work for any other logins within the Freshworks ecosystem?
Do you have some logs to share with us from your end as well?
Please do help us with these details so we could visualize the problem better.
