Botkit sdk "invalid jwt token"

(luis aros) #1

I’m trying to use the botkit, I followed the documentation instructions, the only difference is that I used instead of ngrok but should be the same. I face the message “invalid jwt token” (I add the client id, etc on config.json file) when I send a message to the bot, and the bot isn’t working it answer only if I disable the Botkit sdk.

serveo console: serveo recive the message

botkit console: display “invalid jwt token”

maybe the config.json is wrong configurate? someone can post a screenshot of a correct config file?

(Subrahmanyam Donepudi) #2

Hi @laros,
Please re-check the client id and client secret once again at the application you have used to subscribe for the botkit on bot builder and at the config.json file in the botkit SDK. Also, please verify the stream id and bot name in the js file in the botkit SDK from which the events are handled.

(luis aros) #3

Hi! Where is the stream id?

(Yalavarti Hareen Tej) #4

I faced some kind similar issue… however debugging by inspecting the elements and the source codes found that the jwt token should be - http://localhost:3000/api/users/sts intead of Capture222 the url given in this.

(Subrahmanyam Donepudi) #5

Hi @laros, streamid is the unique identifier created for each bot. You could find the streamid at the application you have used to subscribe for botkit on bot builder.

(luis aros) #6

Ok, I get it, so the streamid is the same as botid.
I still can’t solve this, but I try other things…

I modify the Key base Autherization Middleware .js file (BotKit/lib/app/middlewares/APIKeyMiddleware/index.js) of the sdk, I add some console.log to verify that that the credentials are ok.
The first problem that I find is that the code is extracting the wrong part of the url. The url is /bots/bot_id/on_user_message, so I change var botId = url.split("/")[3], from the index 3 to 2.
Then I comment the “try/catch” that display the “invalid jwt token” to watch the error. I copy the jwt token of the console log and analyze it on, I see that the header and body are ok, but it’s failed in the signature verification. So the information in the config.json is correctly but the sdk is receiving a wrong jwt token.

(Yoga Ramya Mendu) #7

Hi @laros,

Apologies for the delay in response.

To check this issue further, we would require you BotKit code. Kindly send us your botKit to

Yoga Ramya.