Oauthcodegrantjwtexchange returning 401 with custom oidc provider

Hi,

I have built a custom OIDC provider, as we do not have an OIDC provider available in house. The API call https://api.usw2.pure.cloud/api/v2/webdeployments/token/oauthcodegrantjwtexchange is returning 401. When I checked the provider traffic, Genesys did make a successful call to the token endpoint. I am not sure what else could be causing this issue.

API: https://api.usw2.pure.cloud/api/v2/webdeployments/token/oauthcodegrantjwtexchange
Request:

{
    "deploymentId": "",
    "oauth": {
        "code": "f3495991-765c-499c-b43c-3d347eb99bcc",
        "redirectUri": "https://XXX.XXX.com"
    },
    "journeyContext": {
        "customer": {
            "id": "058e33da-013c-4dde-9bb4-09e4c640acd5",
            "idType": "cookie"
        },
        "customerSession": {
            "id": "51315c00-b70a-11ef-9902-93cb7dca4175",
            "type": "web"
        }
    }
}

Response:

{
    "message": "Failed to identify user for token: bb8f731a7f91e1d61c0f3103748bcb06 deploymentId: fd1b59a6-58a1-467b-a9be-a7fc39dbfb06",
    "code": "unauthorized",
    "status": 401,
    "contextId": "42985d88-72f2-4126-b672-14067ece7a28",
    "details": [],
    "errors": []
}

Is there a way to check what caused this 401 in Genesys cloud?

Hi,

Thanks for reaching out.

It looks like you are not providing the idToken in the response when exchanging the code.
Make sure you are requesting a code with a scope that includes openid (that's the minimum required).
An ID token is compulsory; an access token is not.
If the scope setting is correct, check that your IdP always includes an ID token.

Please do not write sensitive data in your post like deploymentId or oauth code.
Giving the contextId is enough to troubleshoot.

Hope this helps,

Regards,
V.P.
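A small diagnostic for the two points V.P. raises, added here as an example (it is not Genesys code and not part of the original reply): it checks that the authorization request carries the openid scope and that the provider's token response contains a well-formed id_token with the claims an RP needs. It assumes you have the authorization URL and the token response body at hand, and that the client_id registered in Genesys is the expected id_token audience; the signature is deliberately not verified, since Genesys itself validates it against the provider's JWKS.

```python
import base64
import json
import time
from urllib.parse import parse_qs, urlparse

def decode_jwt_claims(token):
    """Payload of a compact JWT, signature NOT verified (diagnostic only;
    Genesys itself validates the signature against the provider's JWKS)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_authorize_url(url):
    """Problems in the authorization request the provider receives."""
    q = parse_qs(urlparse(url).query)
    problems = []
    if "openid" not in " ".join(q.get("scope", [])).split():
        problems.append("scope lacks 'openid': the provider will not issue an id_token")
    if q.get("response_type") != ["code"]:
        problems.append("response_type must be 'code' for the code grant")
    return problems

def check_token_response(body, expected_aud, now=None):
    """Problems in the provider's token endpoint response. id_token is
    compulsory; an access_token alone is not enough for the exchange."""
    now = time.time() if now is None else now
    if "id_token" not in body:
        return ["token response has no id_token (access_token alone is not enough)"]
    try:
        claims = decode_jwt_claims(body["id_token"])
    except ValueError as exc:  # covers base64 and JSON decode failures too
        return ["id_token is malformed: %s" % exc]
    problems = ["id_token lacks required claim '%s'" % c
                for c in ("iss", "sub", "aud", "exp", "iat") if c not in claims]
    aud = claims.get("aud")
    if aud is not None and expected_aud not in (aud if isinstance(aud, list) else [aud]):
        problems.append("id_token 'aud' does not contain the client_id registered in Genesys")
    if isinstance(claims.get("exp"), (int, float)) and claims["exp"] <= now:
        problems.append("id_token has already expired")
    return problems

def sample_jwt(claims):
    """Constructed, unsigned sample id_token for the demo (placeholder signature)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(claims) + ".placeholder-sig"
```

Run `check_authorize_url(...)` on the URL your page redirects to and `check_token_response(body, client_id)` on the JSON body captured from your provider's token endpoint; an empty list means neither of the causes in the reply applies.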
