Building a dedicated JWT endpoint for the Support SDK

Have more questions? Submit a request

22 Comments

  • Anton Mintsev
    Comment actions Permalink

    Hi!  in this flow picture you have user_token in URI. That can be confusing because it's in the request body

    2
  • candiceyang
    Comment actions Permalink

    According to the above steps , now I can test our JWT endpoint, the result same as the picture , return 200 and the result with "jwt" data. but when I call the zenDesk related api on android mobile, the zenDesk log hint 401 and return "{"error":"Couldn't authenticate you"}".

    Please give me some hints how to solve this issue?

    1
  • Eugene Potashkin
    Comment actions Permalink

    I have the same problem as candiceyang

    Any updates?

    0
  • candiceyang
    Comment actions Permalink

    Hi Eugene,

    My problem has been fixed by Zendesk support help.

    Please check the link https://support.zendesk.com/hc/en-us/requests/4446366  I hope it can also help you.

     

    0
  • Brett - Community Manager
    Comment actions Permalink

    @Candice, Eugene wouldn't have access to your ticket unfortunately to review any of the information between you and our agent unfortunately :-/

    @Eugene, you may want to confirm that you're passing over the required attributes for logging in as mentioned here: https://develop.zendesk.com/hc/en-us/articles/360001075248-Building-a-dedicated-JWT-endpoint-for-the-Support-SDK

    It may also be worth testing with another user account to see if that resolves the issue.

    Hope this points you in the right direction!

    0
  • Josiah Rininger
    Comment actions Permalink

    According to the above steps , now I can test our JWT endpoint, the result same as the picture, return 200 and the result with "jwt" data. But when I call the zenDesk related api on ios mobile, it returns "Response: HTTP/2.0 401".

    Please give me some hints how to solve this issue?

    0
  • Genesis Team
    Comment actions Permalink

    im trying to populate custom user fields by passing them in the sso response but its not working, is it doable?

    0
  • Colbey W
    Comment actions Permalink

    This isn't secure though if I open an endpoint to get user information and return it without authentication of the requester. Is there an IP Address I can white label for this request or a way to verify that Zendesk is asking for a JWT?

    1
  • Ladislav Lenčucha
    Comment actions Permalink

    How is user_identifier_provided_by_the_app used by Zendesk? Do you create a customer/user based on user identifier or is it based on returned email and phone from jwt token?

    Providing simply the user identifier is not secure at all as mentioned by Colbey W. We're thinking to provide another token (retrieved by mobile app) which will be accepted by our jwt service and return the data based on the token.

    Thanks!

    0
  • Bryan - Community Manager
    Comment actions Permalink

    Hi Colbey W Ladislav Lenčucha - Zendesk maintains a list of IPs that can be whitelisted here: Configuring your firewall for use with Zendesk

    There have been discussions and interest in making the getting of this list more dynamic (versus just listing them in this article), but currently this is the list to use to configure whitelisting by your service.

    Zendesk passes through the "user_identifier_provided_by_the_app" to your service. Your app can can encode a user ID, looking however you like. This process is to authenticate an existing user. The returned JWT from your service requires the user's email. See also Setting a unique identify -- it rounds out some of the information given in this article.

    0
  • Manish Kumar
    Comment actions Permalink

    Hello Charles Nadeau , Bryan - Community Manager, Brett - Community Manager

    Can you please help me in this.

    I am sending the below payload and there is no error coming but I don't know why the tags are not updated into the user.

    var payload = {
    name: 'Test User',
    email: 'test121@gmail.com',
    iat: 1576249361.257,
    jti: 93234,
    tags: ["test_tag","test_one"]
    };

    0
  • Bryan - Community Manager
    Comment actions Permalink

    Hello Manish. Are you just setting up your JWT service and is it working in general (without the tags)? Has the created JWT returned by your service been validated using something like https://jwt.io? Just want to make sure the basics are working.This may require you to submit a private ticket if we need to look at your account and authentication service in more detail.

    0
  • Fabio Versolatto
    Comment actions Permalink

    Hello !

    I developed the third part JWT API as well as configured the SDK Control Panel to redirect the JWT authentication method to this API as this article suggests.

    Testing the API by curl (exactly how looks this doc) I got 200 and received the jwt correctly.

    In my Android APP the initialize method aparently works fine, by the way, when I call another method (like the method bellows) I have the error "Unable to deserialize the provided object into AccessToken"

    RequestListActivity.builder()
    .show(this)

    Does anybody know the fix or had the same problem?

    1
  • Michael H
    Comment actions Permalink

    Bryan - Community Manager, Brett - Community Manager

    When I go into ZenDesk settings for the Mobile SDK and change the authentication type from anonymous to JWT, for a little while afterwards mobile applications trying to use ZenDesk JWT authentication get an error from ZenDesk saying that they are using the wrong authentication type. After a while, it starts working however. Is there a delay between when JWT authentication is enabled in the ZenDesk settings admin interface and when ZenDesk starts using those new settings? And if so, about how long is the delay? We've seen the delay last anywhere from as little as 10 minutes to as long as 3 hours. Is there any way to make this delay more consistant? Also, we've noticed that the delay is shorter for some clients than others. My theory is that there is some distributed system that settings changes get replicated across, and that some ZenDesk instances get the changes before others. Is that correct, or is there some other reason for the variable delay?

    1
  • Bhaktaraz Bhatta
    Comment actions Permalink

    Here is PHP/symfony Implementation. 

    https://gist.github.com/bhaktaraz/edbaa25c4100c9699bf1e5e2a80a8a90

    0
  • Bryan - Community Manager
    Comment actions Permalink

    Thanks Bhaktaraz Bhatta for posting that example!

    Michael H -- I don't see any documentation on an expected delay, but because a mobile app's setup should be relatively static and not change (at least not that often), there could perhaps be a delay. Do you have a use case where a mobile app's setup is changing often for some reason? Can you provide more details?

    I'm also referencing this KB article: Building a dedicated JWT endpoint for the Support SDK 

    0
  • Greg - Community Manager
    Comment actions Permalink

    One of our devs shared with us today that there could potentially be a delay when updating settings in the SDK, so I wanted to share this:

    1. It is possible that there is a delay of up to 15 mins caching time at our edge servers before the updated settings would be returned from the back-end
    2. The SDK caches settings for 1 hour, so if you try to use the SDK again during that 1 hour time, it will still be using the “old” settings. You can wait an hour, or you can uninstall/reinstall the app if you want to test the new settings.

    I also want to point out that you can use both an anonymous identity, as well as a JWT identity in the same app. Just go to Channels >> Mobile SDK >> Add app and then you can create the other identity. You can choose when to initialize the two!

    0
  • Serhii K
    Comment actions Permalink

    We have had the same issue as in https://develop.zendesk.com/hc/en-us/articles/360001075248/comments/360003673513 

    But after updating Android SDK from 3.0.0 to 4.0.0 -- the issue is gone. All's working fine

    0
  • Greg - Community Manager
    Comment actions Permalink

    Thanks for letting us know that, Serhii K! Are you fully on 4.0.0 now or did you need assistance with this for the 3.x.x issues?

    0
  • Ladislav Lenčucha
    Comment actions Permalink

    It's a shame there is no "Test it now" button in the Mobile SDK App Setup page. One where I could provide "unique_id" and get some kind of feedback whether the endpoint is reachable, returns correct JWT (content-wise and signature-wise).

    Would it be possible to have this? It would definitely help decrease number of support tickets on your side.

    1
  • Fawaz Ahmed
    Comment actions Permalink

    Is there a way to avoid email in the jwt payload as I need to use phone as primary identity ?

    2
  • Ladislav Lenčucha
    Comment actions Permalink

    Nope, field must be present and non-empty. However, in case of JWT authentication, you can provide also external_id which will be used for customer matching instad of email. The primary identity is then in your hands.

    0

Please sign in to leave a comment.

Powered by Zendesk