Jwtgrant 400 Error - SDKApp

saisagar.kache · April 18, 2020, 1:26pm

Hi Team,

I followed the steps as per the GitHub - Koredotcom/web-kore-sdk: web client sdk code, and trying to run SDKApp web-kore-sdk UI index.html page.
But I am getting 400 error from https://bots.kore.ai/api/oAuth/token/jwtgrant

I am using bot administrator email-id and as well as invited user’s email also, who is having access to my bot ( https://bots.kore.ai/botbuilder )

console_error1209×586 152 KB

the following is my JWT generation code

Following is the JWT token generated by a sample web application - ( https://westcon-sap-po-status.herokuapp.com/get_token )

eyJhbGciOiJIUzI1NiJ9.eyJjbGllbnRJZCI6ImNzLWI1ZDVjNTJmLWExMGItNTU3Ny1iYTlkLWExZWNlODE0MDFjYyIsImNsaWVudFNlY3JldCI6InFOd3Z3dWhFRGFxOWJhRDFKd1hVV3Z2RUhpZnFMZFJ3bklCSE82Qy9xMGc9IiwiaWRlbnRpdHkiOiJzYWlzYWdhci5rYWNoZUB0ZWNod2F2ZS5uZXQiLCJpc0Fub255bW91cyI6InRydWUifQ.aXgao7PDKrDfAzHqOTpFSihW05FKvbJT6wWJWJQHKBo

swagata.sengupta · April 18, 2020, 2:05pm

@saisagar.kache
Your JWT token when decoded on jwt.io looks like it has a payload of

{
  "clientId": "cs-b5d5c52f-a10b-5577-ba9d-a1ece81401cc",
  "clientSecret": "qNwvwuhEDaq9baD1JwXUWvvEHifqLdRwnIBHO6C/q0g=",
  "identity": "saisagar.kache@techwave.net",
  "isAnonymous": "true"
}

While it should be

{
  "appId": "cs-b5d5c52f-a10b-5577-ba9d-a1ece81401cc",
  "sub": "<unique identifier like email> saisagar.kache@techwave.net"",
  "isAnonymous": "true"
}

Please go through Getting started with widget sdk (v7.2 onwards)
topic for some help on how to set up web-sdk. You need not necessarily have widgets to be able to benefit from this.
Also refer to https://developer.kore.ai/docs/bots/sdks/user-authorization-and-assertion/

saisagar.kache · April 19, 2020, 5:07am

Thank you for the quick response @swagata.sengupta,

Actually I haven’t found this type of parameters in the https://github.com/Koredotcom/web-kore-sdk, As you suggested, I am sending the required parameters.
But now I am receiving 401 jwt verification error from https://bots.kore.ai/api/oAuth/token/jwtgrant

I picked up all the required information from the app Web/Mobile SDK page and utilized in UI/index.html file
But I am getting 401 error

I am using bot administrator email-id

401_auth

swagata.sengupta · April 19, 2020, 5:12am

@saisagar.kache
Can you paste one of your new jwt tokens?
What is get_token sending you?

https://github.com/Koredotcom/web-kore-sdk as stated in documentation clearly assumes one has their own jwt service.
The other links I sent you should help you with details of jwt.

saisagar.kache · April 19, 2020, 7:40am

http://localhost:4000/get_token is my JWT service,

{“jwt”:“eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImVuYyI6Im15JGVjcmV0SzN5Iiwia2lkIjoie1xuZTpBUUFCXG5raWQ6ay1mZmJiMmI1OS03NTBhLTQ0YWYtOTFjMS1kZTBlODlkMDJmNmFcbmt0eTpSU0Fcbm46dEFXWjNaaFZSSnlQZS1JVG1tUXkweHAxWG1WRUp1elFGZG1xU1hfb1d0LUhJTnBOa2lMUnFHMkJ2T3I5SzhIRS1QYlZUVHA5S2dNUGk3Mi1OMW96Y0F4ckFNT2ZGWGE3RU1QYWVwaTRpTlZsVlNnRGJUMWUwU3hhODNrMGtrdkFaTXVpWjVYR3AtbWVFVjZNMHFuSjYtUVpGcUJFSTJzX1VIN2JlQ2ZxZUIxQ1FFWHpTT1ZkdFd3UzZCd2pWV051REdpbU8xTk8xRm81Z3preDg2c2dLa0c1UWtRSHVodEYzMUllMW11TFhlcGpGQWRTclhaZ0xiM1h5YXdNNWhWWVlvdnpFTGRJMlZfcGRQRXdvZHpTWWk2V1VRLXJMelNEUTVYVl9obm9hUlJQRGVRQ2I5Smk4eDcwT19lWUZsdHZ5SWRZY0lCSS1EMDZqMWlwemRxT3J3XG59XG4ifQ.eyJzdWIiOiJzYWlzYWdhci5rYWNoZUB0ZWNod2F2ZS5uZXQiLCJhdWQiOiJodHRwczovL2lkcHJveHkua29yZS5jb20vYXV0aG9yaXplIiwiaXNBbm9ueW1vdXMiOiJmYWxzZSIsImlzcyI6ImNzLTVjNTVjMDM1LTk5MzEtNTNkYy05ZjU4LTQ1MWVmODAxZDdhYiIsImlhdCI6MTU4NzI3NTMzNCwiZXhwIjoxNTg3MzYxNzM0fQ.01vZRqIH8pW7h_h2lO9G7qlJMj7WTxnbtBVJnLYf1Ns”}

swagata.sengupta · April 19, 2020, 7:46am

@saisagar.kache
Can you please try with “appId” instead of “iss” ?
Also, do you need to keep the header this heavy? Only “alg” and “type” should be enough from Kore.ai platform perspective.

saisagar.kache · April 19, 2020, 5:45pm

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBJZCI6ImNzLTVjNTVjMDM1LTk5MzEtNTNkYy05ZjU4LTQ1MWVmODAxZDdhYiIsInN1YiI6InNhaXNhZ2FyLmthY2hlQHRlY2h3YXZlLm5ldCIsImF1ZCI6Imh0dHBzOi8vaWRwcm94eS5rb3JlLmNvbS9hdXRob3JpemUiLCJpc0Fub255bW91cyI6ImZhbHNlIiwiaWF0IjoxNTg3Mjg2Mjk0LCJleHAiOjE1ODczNzI2OTR9.YGV9uQlLV1CKCy0a7dwgPWhQMfhR8qDNmFMRHu69z9g

If I am using appId istead iss, I am getting 400 error.

use_appId

swagata.sengupta · April 22, 2020, 10:33am

@saisagar.kache
Got little busy. Inviting @Subrahmanyam @karthik.tadikonda for helping if they are available.

What is the error message (for 400)?
Also, can you please copy paste the index.html code (leave out script etc. part)?

saisagar.kache · April 22, 2020, 11:36am

Attached is the error message

        var json_data = {
              "appId": 'cs-5c55c035-9931-53dc-9f58-451ef801d7ab',
              "sub": 'saisagar.kache@techwave.net',
              "aud": "https://idproxy.kore.com/authorize",
              "isAnonymous": false,
           }

only_clientId

please find the index.html page in the bellow link

https://github.com/sagartechwave/sdk-app/blob/master/index.html

When, I change the “appId” to “iss” I am getting error verifying the jwt 401 error

Subrahmanyam · April 22, 2020, 12:15pm

Hi @saisagar.kache ,
When we decode the JWT which is returned by your JWT service, the payload looks as follows:

{
“identity”: "assign1@mailinator.com",
“aud”: “”,
“isAnonymous”: “false”,
“iat”: 1587558483,
“exp”: 1587644883
}

" sub" (the user identity) and “iss” (the client ID) should be part of the payload

The JWT token returned by your JWT service should have the payload as follows when decoded.

{
“iat”: 1587557663491,
“exp”: 1587644063491,
“aud”: “https://idproxy.kore.com/authorize”,
“iss”: “cs-43f4bc60-bb27-5af8-9530-XXXX”,
“sub”: "abc@test.com",
“isAnonymous”: “false”
}

Please make the change as needed and let us know if you still observe any issues.

saisagar.kache · April 22, 2020, 1:53pm

Hi @Subrahmanyam,

When I am passing the bellow json data to my JWT service
{
“sub”: ‘saisagar.kache@techwave.net’,
“aud”: “https://idproxy.kore.com/authorize”,
“isAnonymous”: false,
“iss”: ‘cs-5c55c035-9931-53dc-9f58-451ef801d7ab’
}

I am receiving JWT token as follows

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzYWlzYWdhci5rYWNoZUB0ZWNod2F2ZS5uZXQiLCJhdWQiOiJodHRwczovL2lkcHJveHkua29yZS5jb20vYXV0aG9yaXplIiwiaXNBbm9ueW1vdXMiOiJmYWxzZSIsImlzcyI6ImNzLTVjNTVjMDM1LTk5MzEtNTNkYy05ZjU4LTQ1MWVmODAxZDdhYiIsImlhdCI6MTU4NzU2MDk5NywiZXhwIjoxNTg3NjQ3Mzk3fQ.SZcTxqTU5hFqHlRAgF3DPu4W9mE4Iwna5Lry9td06q8

jwt_

And I am getting 401 response error verifying the jwt

Please let me know If I need to change or modify the parameters in the JWT token

Subrahmanyam · April 22, 2020, 2:33pm

Okay, Can you recheck the client ID and secret at the bot? Also, have we published the webSDK channel?

Subrahmanyam · April 24, 2020, 11:00am

This issue has been resolved.
Problem here - the JWT is not signed with the secret of the application creation on Kore.ai platform.

sameera.tumuluri · October 20, 2021, 7:11pm