Debugging JWT-Related Errors While Configuring the ASAP Add-On


While setting up an ASAP add-on for your web/mobile app, you might encounter an error related to JSON Web Token (JWT) configuration. It is essential to debug this error because user authentication in the ASAP add-on is possible only through JWTs. 

JWT Configuration Error in Web Add-On



JWT Configuration Error in Mobile Add-Ons

Android


iOS


Steps for Debugging the Error

  1. On the ASAP setup page in your Zoho Desk portal, check whether the JWT authentication method is enabled. 


  2. If you encounter the error in a web add-on, check whether the add-on is hosted on the same domain that is specified on the setup page.




  3. Make sure that the correct JWT secret is used in the JWT code.

    Here is a sample code that depicts the use of a JWT secret.


  4. The JWT secret must be in the correct format, i.e., an alphanumeric string partitioned by two dots (.). No other characters must be present before or after it. 


  5. On the JWT website, verify that the details in the JWT secret are correct.

    Paste the JWT token in the Encoded panel and check the payload on the Decoded panel.

    Then, define the duration of validity for the token. To specify the start time, use the not_before, nbf (not before), or iat (issued at) parameters.

    To specify the end time, use the not_after or exp (expires at) parameters.

    Keep in mind that if nbf and iat are used, the time must be expressed in seconds, whereas if not_before, not_after, or exp are used, it must be expressed in milliseconds.

    It doesn't matter if you include all the duration-related parameters in the JWT. Just make sure to pair the parameters and their values correctly.

  6. Also, make sure that the duration of validity does not exceed 10 minutes.
  7. The JWT end-point is called from the Zoho Identity and Access Management (IAM) server and not from the browser. Therefore, test the JWT end-point by triggering authentication from the web/mobile add-on and not from a browser. Add logger statements in the JWT code to confirm that the validation call reaches the end-point.
  8. Also, add logger statements to confirm that the JWT is generated properly.
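
The format, unit, and validity-window checks from steps 4 to 6 can be run locally before pasting a token anywhere. The following is an added example, not Zoho's code: the function names, the `MS_THRESHOLD` heuristic for telling seconds from milliseconds, and the sample tokens are assumptions constructed for illustration, and the script inspects the payload only (it does not verify the signature).

```python
import base64
import json
import re

# Units as stated on this page: nbf/iat in seconds; not_before/not_after/exp in ms.
UNITS = {"nbf": "s", "iat": "s", "not_before": "ms", "not_after": "ms", "exp": "ms"}
START_CLAIMS = ("not_before", "nbf", "iat")
END_CLAIMS = ("not_after", "exp")
MAX_VALIDITY_MS = 10 * 60 * 1000  # step 6: at most 10 minutes
JWT_SHAPE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
MS_THRESHOLD = 10**11  # assumption: epoch values this large are milliseconds


def make_sample_token(payload):
    """Build a constructed token (dummy signature) for offline checks only."""
    def enc(raw):
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    return ".".join([header, enc(json.dumps(payload).encode()), enc(b"dummy-signature")])


def check_token(token):
    """Return a list of problems; an empty list means every check passed."""
    if not JWT_SHAPE.fullmatch(token):
        return ["not three base64url segments separated by two dots"]
    seg = token.split(".")[1]
    try:
        payload = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    except ValueError:
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(payload, dict):
        return ["payload is not a JSON object"]
    problems, as_ms = [], {}
    for name, unit in UNITS.items():
        value = payload.get(name)
        if value is None:
            continue
        if not isinstance(value, (int, float)) or (value >= MS_THRESHOLD) != (unit == "ms"):
            problems.append(f"{name} must be a number in {unit}")
        else:
            as_ms[name] = value if unit == "ms" else value * 1000
    starts = [as_ms[c] for c in START_CLAIMS if c in as_ms]
    ends = [as_ms[c] for c in END_CLAIMS if c in as_ms]
    if not starts or not ends:
        problems.append("no usable start/end pair to compute the validity window")
    elif max(ends) <= min(starts):
        problems.append("end time is not after start time")
    elif max(ends) - min(starts) > MAX_VALIDITY_MS:
        problems.append("validity window exceeds 10 minutes")
    return problems
```

Call `check_token()` on the string your JWT code logs (step 8); leading or trailing whitespace and swapped seconds/milliseconds values are reported as separate problems.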