Forge oauth JWT

I’m trying to authenticate a UI kit app with OAuth, similar to this Google example: use-an-external-oauth-2.0-api-with-fetch.

Using Azure AD I can successfully authenticate (hasCredentials() = true) but when I try and fetch my webservice I get this error:

{"code":401,"message":"IDX10516: Signature validation failed. Unable to match key: \nkid: 'POSSDS2ZQpJ3UjYXYGl8lV0'. \nNumber of keys in TokenValidationParameters: '0'. \nNumber of keys in Configuration: '1'. \nExceptions caught:\n '[PII of type 'System.Text.StringBuilder' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. \ntoken: '[PII of type 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. Valid Lifetime: 'True'. Valid Issuer: 'False'"}

Using Slack I can successfully authenticate (hasCredentials() = true) but when I try and fetch my webservice I get this error:

{"code":401,"message":"IDX12741: JWT: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' must have three segments (JWS) or five segments (JWE)."}

Is there any way I can debug this further? Maybe return the JWT so I can decode it?

Any other suggestions? I’ve burnt a lot of hours trying to get this working. Thanks.

I’ve turned off auth and looked at what Forge is sending to my webservice, and it looks as though the access_token is being sent as the bearer instead of the id_token.

According to Slack the JWT is the id_token. I’ve tried putting resolvers: accessToken: id_token but it doesn’t change the payload. Can anyone help please?

{
"ok": true,
"access_token": "xoxp-25259531569-25259531633-1115294117523-7f41783ecc1056a1d96902642c7f27d3",
"token_type": "Bearer",
"id_token": "eyJhbGc…"
}

Anyone else struggling needs to implement this: Implement a dynamic profile retriever with external authentication (atlassian.com)

Hi Ian

Just checking if you still need assistance. It appears you’ve unblocked yourself but I just want to check.
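
For the debugging question raised earlier in the thread (what is actually being sent as the bearer, and what `kid` and `iss` it carries), the following is an added example, not part of any post and not Forge or Microsoft.IdentityModel code. It separates an opaque access token from a JWT-shaped `id_token` and surfaces the header and claim values a validator checks. `inspectBearer`, its `expected` options and both sample tokens are constructed for illustration.

```javascript
// Added example: inspect a bearer value the way a JWT validator first sees it.
// Decodes WITHOUT verifying the signature: debugging aid only, never an auth check.
const toB64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64url = (seg) =>
  JSON.parse(Buffer.from(seg.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8'));

// Constructed samples (not real tokens): an opaque access token and a JWT-shaped id_token.
const SAMPLE_OPAQUE = 'xoxp-constructed-opaque-token';
const SAMPLE_ID_TOKEN = [
  toB64url({ alg: 'RS256', kid: 'constructed-kid' }),
  toB64url({ iss: 'https://issuer.example', aud: 'client-123', exp: 4102444800 }),
  'c2lnbmF0dXJl', // placeholder signature bytes
].join('.');

// inspectBearer and its `expected` options are hypothetical names for this example.
function inspectBearer(token, expected = {}, nowMs = Date.now()) {
  const parts = String(token).split('.');
  // A compact JWS has 3 segments and a JWE has 5; anything else is an opaque token.
  if (parts.length !== 3 && parts.length !== 5) {
    return { kind: 'opaque', segments: parts.length, problems: ['not a JWT: wrong segment count'] };
  }
  let header, claims;
  try {
    header = fromB64url(parts[0]);
    claims = parts.length === 3 ? fromB64url(parts[1]) : {}; // a JWE payload is encrypted
    if (!header || typeof header !== 'object' || !claims || typeof claims !== 'object') {
      throw new Error('segments are not JSON objects');
    }
  } catch {
    return { kind: 'opaque', segments: parts.length, problems: ['segments are not base64url JSON'] };
  }
  if (parts.length === 5) return { kind: 'jwe', alg: header.alg, problems: [] };
  const problems = [];
  if (expected.issuer && claims.iss !== expected.issuer) problems.push(`iss mismatch: ${claims.iss}`);
  const aud = [].concat(claims.aud ?? []);
  if (expected.audience && !aud.includes(expected.audience)) problems.push(`aud mismatch: ${aud}`);
  if (typeof claims.exp === 'number' && claims.exp * 1000 <= nowMs) problems.push('expired');
  // kid is what the validator looks up in the issuer's published signing keys.
  return { kind: 'jws', alg: header.alg, kid: header.kid, iss: claims.iss, aud, problems };
}

console.log(inspectBearer(SAMPLE_OPAQUE));
console.log(inspectBearer(SAMPLE_ID_TOKEN, { issuer: 'https://issuer.example', audience: 'client-123' }));
```

Log only the returned summary on the receiving service rather than the raw token, since the bearer value itself is a credential.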