Authenticated Messaging with Auth0

Hello,

Has anyone successfully integrated authenticated web messaging using Auth0 as their IAM?

We're currently running into issues when attempting to retrieve the JWT token. We are using the v2/webdeployments/token/oauthcodegrantjwtexchange API.

We are receiving a 401 error code. When we look at the contextID for logging information, it is stating that there is an unexpected ISS value.

Ex.
unexpected iss value, expected https://test-auth.com/ , got: https://no-auth-for-you.com/

When we add the correct value https://test-auth.com/ that is called out, we are still receiving the same error code, even though the expected ISS value is being sent.

Hi,

Thanks for reaching out.

The service indeed checks that the issuer from your discovery document matches the iss claim in the ID token (see Final: OpenID Connect Discovery 1.0 incorporating errata set 2).
Looks like this is not the case.
This may be checked manually by retrieving the discovery document (<authorization server url>/.well-known/openid-configuration); see the issuer element.
Authenticate manually (/authorize endpoint) and exchange a token (/token) using the code retrieved.
Check from the received token that iss is consistent.

When we add the correct value https://test-auth.com/ that is called out, we are still receiving the same error code, even though the expected ISS value is being sent.

Is this done in OAuth configuration?
Do not use iss in Genesys Api v2/webdeployments/token/oauthcodegrantjwtexchange.
This is a reserved use for multi-tenancy and won't solve your issue.

You may want to check this FAQ in Auth0.

Hope this helps,

Regards,
V.P.
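The manual check described in the reply above, written out as an added example (this is not code from the thread or from Genesys): decode the ID token's payload, compare its iss claim byte-for-byte with the issuer element of the discovery document, and report the two mismatches that most often produce "unexpected iss value" (a trailing-slash difference, or a token issued by a different host/tenant than the one whose discovery document was fetched). The discovery document and the alg=none token are constructed inline so the example runs offline; a real check fetches <authorization server url>/.well-known/openid-configuration and must also verify the token signature, which this helper deliberately does not do.

```python
# Added example (not from the original thread): check that the issuer in an
# OpenID discovery document matches the iss claim of an ID token, as the
# Genesys exchange endpoint is described as doing.
import base64
import json
from urllib.parse import urlparse

# Constructed sample discovery document. A real one is fetched from
# <authorization server url>/.well-known/openid-configuration.
SAMPLE_DISCOVERY = {
    "issuer": "https://test-auth.com/",
    "authorization_endpoint": "https://test-auth.com/authorize",
    "token_endpoint": "https://test-auth.com/oauth/token",
}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_payload(token: str) -> dict:
    """Return the payload of a compact JWS. The signature is NOT verified here;
    this is only the claim inspection step of the manual check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed alg=none token so the example runs offline.
    Never accept such a token in production code."""
    def enc(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


def check_issuer(discovery: dict, id_token: str) -> tuple:
    """Compare discovery['issuer'] with the token's iss exactly, as OIDC
    Discovery requires. Returns (ok, message); the message explains the
    usual causes of a mismatch."""
    expected = discovery["issuer"]
    got = jwt_payload(id_token).get("iss")
    if got is None:
        return False, "token has no iss claim"
    if got == expected:
        return True, f"iss matches issuer {expected}"
    hint = ""
    if got.rstrip("/") == expected.rstrip("/"):
        hint = " (differs only by a trailing slash; the comparison is byte-exact)"
    elif urlparse(got).hostname != urlparse(expected).hostname:
        hint = (" (different host: the discovery document was not fetched from"
                " the tenant that issued the token)")
    return False, f"unexpected iss value, expected {expected}, got: {got}{hint}"


if __name__ == "__main__":
    for iss in ("https://test-auth.com/", "https://test-auth.com",
                "https://no-auth-for-you.com/"):
        print(check_issuer(SAMPLE_DISCOVERY, make_unsigned_token({"iss": iss, "sub": "u1"})))
```

The third case reproduces the error text quoted in the question: the token came from a different issuer than the one whose discovery document the service loaded, which is exactly what using the wrong discovery link produces.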

Hi VP,

Thank you. In our environment, we are using a multi-tenant Auth server. With that being the case, should we still omit the ISS flag in the API?

Thank you,

Jorge R

Ah ok, then in that case it should likely be set.

To know whether you should set it or not, verify whether the iss value is set by the authorization server when it calls back the redirect URL; if so, the value set should be used to call the /oauthcodegrantjwtexchange endpoint.

If no iss parameter is set in the redirect URL, you should not set it.

Regards,
V.P.
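The rule in the reply above (send iss to the exchange endpoint only when the authorization server put an iss parameter on the redirect URL, which is the RFC 9207 issuer identification behaviour) as an added example, not code from the thread or from Genesys. It parses the callback URL, refuses error responses and state mismatches, and includes iss only when present. The field names in the returned object (code, redirectUri, nonce, codeVerifier, iss) are an assumption for this example; check them against the v2/webdeployments/token/oauthcodegrantjwtexchange reference before use. The callback URLs are constructed inline.

```python
# Added example (not from the original thread): build the OAuth part of an
# oauthcodegrantjwtexchange request from the redirect callback, sending iss
# only when the authorization server returned it (RFC 9207).
from urllib.parse import urlparse, parse_qs


def callback_params(redirect_url: str) -> dict:
    """Return the query parameters of the callback URL as single values."""
    qs = parse_qs(urlparse(redirect_url).query, keep_blank_values=True)
    return {k: v[0] for k, v in qs.items()}


def build_exchange_oauth(redirect_url: str, redirect_uri: str, nonce: str,
                         expected_state: str, code_verifier: str = "") -> dict:
    """Assemble the oauth object for the exchange call.
    Field names are an assumption for this example (see the API reference).
    Raises on an error response, a missing code, or a state mismatch."""
    p = callback_params(redirect_url)
    if "error" in p:
        raise RuntimeError(f"authorization failed: {p['error']} "
                           f"{p.get('error_description', '')}".strip())
    if p.get("state") != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale callback")
    if "code" not in p:
        raise ValueError("callback has no authorization code")

    oauth = {"code": p["code"], "redirectUri": redirect_uri, "nonce": nonce}
    if code_verifier:
        oauth["codeVerifier"] = code_verifier
    # Multi-tenant servers that support RFC 9207 add iss to the redirect;
    # forward it unchanged. Otherwise omit the field entirely rather than
    # inventing a value, which does not fix an issuer mismatch.
    if "iss" in p:
        oauth["iss"] = p["iss"]
    return oauth


if __name__ == "__main__":
    # Constructed callbacks: one with iss (multi-tenant server), one without.
    with_iss = ("https://app.example/callback?code=abc123&state=s1"
                "&iss=https%3A%2F%2Ftest-auth.com%2F")
    without_iss = "https://app.example/callback?code=abc123&state=s1"
    for url in (with_iss, without_iss):
        print(build_exchange_oauth(url, "https://app.example/callback", "n1", "s1"))
```

If the result still fails with "unexpected iss value", the forwarded iss is not the problem; compare the discovery document's issuer for that tenant with the token's iss claim instead.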

Thank you for the assistance, we were able to get this sorted. We were using the incorrect discovery link.

Thank you,

Jorge R
