Configured authenticated web messaging with Azure AD, but as soon as the POST /api/v2/webdeployments/token/oauthcodegrantjwtexchange endpoint is hit, it returns a 401 status code along with the message "Failed to identify user for token ...". The payload for that request is as shown below in the image, and the code below is continuously executed, causing the /api/v2/webdeployments/token/oauthcodegrantjwtexchange endpoint to be hit multiple times.
AuthProvider.registerCommand("reAuthenticate", (e) => {
  document.getElementById("authLoginBtn").click();
  e.resolve();
});
The code to exchange looks suspicious.
It looks like a JWT format.
This is usually an opaque string.
I would first advise double-checking this input.
Can you provide a contextId for the request(s) you made (by checking the headers tab)?
From there, I can check corresponding logs.
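The check suggested in the reply above (a JWT-shaped value where an opaque authorization code is expected) can be done in the page before the exchange is attempted. This is an added example, not part of the original thread and not Genesys or Microsoft code; the function names and sample values are hypothetical.

```javascript
// Decode one base64url segment; returns null when it is not valid base64url.
function decodeSegment(seg) {
  if (!/^[A-Za-z0-9_-]+$/.test(seg)) return null;
  const pad = "=".repeat((4 - (seg.length % 4)) % 4);
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/") + pad;
  try {
    return typeof atob === "function"
      ? atob(b64)
      : Buffer.from(b64, "base64").toString("binary");
  } catch (e) {
    return null;
  }
}

// True when the value has the compact JWT shape: three dot-separated segments
// whose first segment decodes to a JSON object carrying an "alg" member.
// Dots alone are not enough, since opaque codes may contain dots as well.
function looksLikeJwt(value) {
  if (typeof value !== "string") return false;
  const parts = value.split(".");
  if (parts.length !== 3) return false;
  const header = decodeSegment(parts[0]);
  if (header === null) return false;
  try {
    const obj = JSON.parse(header);
    return obj !== null && typeof obj === "object" && typeof obj.alg === "string";
  } catch (e) {
    return false;
  }
}

// Gate to run on the value about to be sent as the code to exchange.
function checkExchangeCode(code) {
  if (typeof code !== "string" || code.length === 0) {
    return { ok: false, reason: "missing code" };
  }
  if (looksLikeJwt(code)) {
    return { ok: false, reason: "value is a JWT, not an authorization code" };
  }
  return { ok: true, reason: "" };
}

// Constructed sample values, for illustration only.
const SAMPLE_JWT = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.e30.c2ln";
const SAMPLE_OPAQUE_CODE = "0.AbCd_constructed.EfGh-code";
```

When the check fails, the page is most likely passing a token it received from the identity provider rather than the `code` query parameter returned on the redirect.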
invalid_client (AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '<redacted>'. Trace ID: 6f79699d-e5dd-49f5-b31d-4bcbc2e3cf00 Correlation ID: a5945843-a8a7-432e-9ce7-fa1ee1b0a801 Timestamp: 2024-07-01 07:05:06Z)
Make sure to use the secret value in the request, not the secretID:
Hello @vpirat ,
Upon logging in using Microsoft and on successful authentication, we can see customer details like name and other information in the interactions on Genesys Cloud when a message is sent through web messaging. Similarly, if I have a custom website with customer login details stored in a database, how can I authenticate this user in Genesys as well, so that the customer's details are passed to Genesys in the interactions?
The problem here is that the customer must have a Microsoft account in order to authenticate. We want to create a scenario where there is no need to log in using a Microsoft account: the customer logs in using an ID and password stored in the database, and the user is still authenticated and the details are passed over to Genesys.
This should be the Brand's authentication server. Hence it is assumed that users are already set-up.
Currently, we only support the OpenID framework. That doesn't mean it has to be Microsoft.
Any OpenId provider will do, and there are plenty of them:
AWS Cognito, Okta, Auth0, Google, Forgerock, etc.
Could you plug the OpenID provider into your existing database?
Some of our customers developed their own OpenId provider as well.
Alternatively, feel free to submit an idea with your use case so that it can be shared with the community and reviewed by the product team.
Hi @vpirat ,
Do you have any details on developing our own OpenID provider to get started with? I tried, but I was not able to find any way to create our own OpenID provider.