Secure Settings not being resolved to actual value

Answered

17 Comments

  • Oleg Gulevskyy

    Having a similar issue, where the requirement marked as secure in the manifest.json file is not being resolved at all. It is returned as undefined when logging it.

    When making a request with client.request() and secure: true, the server responds back looking for a secret, meaning it is not being resolved at this stage either.

    0
  • Chris Sos

    Hi Se Ve,

    Are you running this locally or after you've installed the app and populated the setting? If you've installed this, that's very odd that the value of the setting isn't being sent along with your request/being decorated.

    Oleg Gulevskyy,

    It's expected that you can't log a secure setting. The only time secure settings are added to requests is on the final "hop" out of Zendesk to the destination server. This is to ensure the settings are never shown to the client or returned in the browser.

    Are you running this locally? Or seeing this with an app you've installed already?

    0
  • Se Ve

    Hi Chris Sos

    I'm seeing this behavior both locally (testing with zat server --app-id=<my-app-id>) as well as in my uploaded/installed app

    0
  • Oleg Gulevskyy

    Hey Chris Sos
    Thanks for the reply.

    Indeed, it appears to be the case :) Added a string like {{setting.token}} to the actual request and it seems to work fine.

    Thanks for getting back to me with this one.

    0
  • Chris Sos

    Hi Oleg Gulevskyy, glad to know that it's working for you.

    Hey Se Ve,

    `zat server --app-id=xxx`

    Can be a little confusing. The ID you need in there is actually the installation ID, not the app's ID when running that command (it's misnamed).

    It's odd though that it's still not working from the installation into your account. In the browser when the app is making the request, are you seeing the request go to ...zendesk.com/proxy/secure...?

    0
  • Se Ve

    Chris Sos

    For the request that's failing with a 401 as a result of the unresolved token, I see a request to my backend API url and not to `...zendesk.com/proxy/secure`

    0
  • Chris Sos

    Hi Se Ve,

    In the front-end (from the app) you'll see that request. What does your code look like for making the request?

    0
  • Se Ve
    // define default config at top of file
    const defaultConfig = {
      cors: true,
      dataType: 'json',
      secure: true,
      headers: {
        Accept: 'application/json',
        'AUTH_TOKEN': "{{setting.token}}",
      },
    };

    // wrapper function to make requests
    export async function getRequest(url: string, data = {}, config = {}) {
      try {
        const settings = {
          ...defaultConfig,
          url,
          type: 'GET',
          data,
          ...config,
        };
        // client is the initialized ZAF client (i.e. const client = ZAFClient.init())
        const response = await client.request(settings);
        return response;
      } catch (e) {
        throw e;
      }
    }
    0
  • Se Ve

    Hi Chris Sos

    Is there any update on this issue?

    0
  • Brett Bowser

    Hey Se,

    I chatted with and we both agreed that this should be brought into a ticket to troubleshoot further. I'll generate a ticket on your behalf so our Customer Care team can look into this further.

    Cheers!

    0
  • Omar Samuels

    I am having this exact same problem where my private app installed on our Zendesk team account is not resolving the token.

    I am getting this:

    `x-app-authorization: Bearer {{setting.tdadmintoken}}`

    in the Network Request Header.

    Everything is set correctly as per the documentation including the domainwhitelist setting, secure: true, etc.

    Is there a resolution or workaround?

    0
  • Se Ve

    Omar Samuels

    My issue was that I had `cors: true` in my ZAF client request settings. Apparently, having this property set to true causes the request to bypass the proxy where Zendesk does the parameter resolution. So try removing `cors: true` from your request settings if you have it set.

    0
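The failure mode described in the comment above (a `{{setting.token}}` placeholder sent with `cors: true`, so the request never passes through the proxy that substitutes it) can be caught before upload with a static check over the request settings and manifest. This is an added example, not code from the thread or from Zendesk; the manifest key names (`parameters[].secure`, `domainWhitelist`), the exact-hostname whitelist comparison, the URL and the finding labels are assumptions.

```javascript
// Added example: lint client.request() settings that use {{setting.*}} placeholders.
const PLACEHOLDER = /\{\{\s*setting\.([A-Za-z0-9_]+)\s*\}\}/g;

// Collect every setting name referenced in the url, headers and data.
function referencedSettings(settings) {
  const text = JSON.stringify([settings.url, settings.headers, settings.data]);
  return [...new Set([...text.matchAll(PLACEHOLDER)].map((m) => m[1]))];
}

// Return the reasons a placeholder would leave the browser unresolved.
function checkSecureRequest(settings, manifest) {
  const findings = [];
  const names = referencedSettings(settings);
  if (names.length === 0) return findings; // no secure settings in play

  // Substitution only happens on the proxied hop out of Zendesk.
  if (settings.secure !== true) findings.push('secure-not-set');
  // Reported in this thread: cors: true sends the request straight to the backend.
  if (settings.cors === true) findings.push('cors-bypasses-proxy');

  for (const name of names) {
    const param = (manifest.parameters || []).find((p) => p.name === name);
    if (!param) findings.push(`unknown-setting:${name}`);
    else if (param.secure !== true) findings.push(`setting-not-secure:${name}`);
  }

  let host;
  try { host = new URL(settings.url).hostname; } catch (e) { host = null; }
  if (host === null) findings.push('url-not-absolute');
  else if (!(manifest.domainWhitelist || []).includes(host)) {
    findings.push(`host-not-whitelisted:${host}`); // assumption: exact hostname match
  }
  return findings;
}

// Constructed sample manifest and URL; request settings mirror the ones posted in the thread.
const sampleManifest = {
  parameters: [{ name: 'token', type: 'text', secure: true }],
  domainWhitelist: ['api.example.com'],
};
const failingSettings = {
  cors: true, dataType: 'json', secure: true, type: 'GET',
  url: 'https://api.example.com/v1/items',
  headers: { Accept: 'application/json', AUTH_TOKEN: '{{setting.token}}' },
};

console.log(checkSecureRequest(failingSettings, sampleManifest));
```

An empty result only means the static preconditions hold; the placeholder is still not substituted when the app runs locally.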
  • Omar Samuels

    Thanks for the response Se, I really appreciate it.

    I don't have `cors: true` in my settings, however.

    I have:

    headers: { "Authorization": "Bearer {{setting.tdadmintoken}}"},

    Are you using OAuth in your case? Does the Bearer method work for you?
    0
  • Se Ve

    I am not using OAuth, just passing a token through the header like you are. Something else to note is that secure settings don't work locally. While developing locally, I was using an actual JWT token to hit my backend.

    0
  • Omar Samuels

    Thanks again.

    I'm having the issue whether testing locally or not, unfortunately.

    Do you know if that means I can just adopt your style of

    headers: {
      Accept: 'application/json',
      'AUTH_TOKEN': "{{setting.token}}",
    },

    ...and it should technically do the same as my "Bearer" method?

    I'm probably at the grasping-at-straws segment of my troubleshooting, but I'll give this a try.

    UPDATE: Unfortunately that didn't work.

    0
  • Chris Sos

    Hi Omar Samuels,

    That should work, yes. This part of the documentation goes over using secure settings as part of the ZAF Client's request method: https://developer.zendesk.com/apps/docs/developer-guide/using_sdk#using-secure-settings

    Hope this helps. Please note, secure settings do not work locally - you must install the app in your instance, or use the existing installation.

    0
  • Omar Samuels

    Thanks for jumping in here Chris.

    Unfortunately, it did not work. 😔

    I've also gone over that document you linked to, many-a-times now and am very confident I have my setup correct.  I'm beginning to believe there must be some kind of bug at work here and would love a closer review.

    Can you please advise me on this?  As you would imagine this is an important and somewhat blocking issue.

    Thanks. 🙏

    0
