Debugging JWT-Related Errors While Configuring the ASAP Add-On

Debugging JWT-Related Errors While Configuring the ASAP Add-On

While setting up an ASAP add-on for your web/mobile app, you might encounter an error related to JSON Web Token (JWT) configuration. It is essential to debug this error because user authentication in the ASAP add-on is possible only through JWTs. 

JWT Configuration Error in Web Add-On

JWT Configuration Error in Mobile Add-Ons



Steps for Debugging the Error

  1. On the ASAP setup page in your Zoho Desk portal, check whether the JWT authentication method is enabled. 

  2. If you encounter the error in a web add-on, check if the add-on is hosted in the same domain provided in the setup page.

  3. Make sure that the correct JWT secret is used in the JWT code.

    Here is a sample code that depicts the use of a JWT secret.

  4. The JWT secret must be in the correct format, i.e., an alphanumeric string partitioned by two dots (.). No other characters must be present before or after it. 

  5. Verify the correctness of the details in the JWT secret, on the JWT website.

    Paste the JWT token in the Encoded panel and check the payload on the Decoded panel.

    Then, define the duration of validity for the token. To mention the starting time, use the not_before, nbf (not before), or iat (issued at) parameters. 

    To mention the ending time, use the not_after or exp (expires at) parameters.

    Keep in mind that if nbf and iat are used, the time must be expressed in seconds, whereas if not_before, not_after, or exp are used, it must be expressed in milliseconds.

    It doesn't matter if you include all the duration-related parameters in the JWT. Just make sure to pair the parameters and their values correctly.

  6. Also, make sure that the duration of validity does not exceed 10 minutes.
  7. The JWT end-point is called from the Zoho Identity and Access Management (IAM) server and not from the browser. Therefore, check the working of the JWT end-point by triggering authentication from the web/mobile add-on and not a browser. Add logger statements in the JWT code to ensure that the validation call reaches the end-point.
  8. Also, make sure that the JWT is generated properly, by adding logger statements.

    Redefine the way you work
    with Zoho Workplace

      Zoho DataPrep Personalized Demo

      If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.

      Zoho CRM Training

        Create, share, and deliver

        beautiful slides from anywhere.

        Get Started Now

          Get started with Zoho Sign

          in a few quick steps!

          Download Help Guide

                    Still can't find what you're looking for?

                    Write to us:



                        Secure your business
                        communication with Zoho Mail

                        Mail on the move with
                        Zoho Mail mobile application

                          Stay on top of your schedule
                          at all times

                          Carry your calendar with you
                          Anytime, anywhere

                                  Zoho Sign Resources

                                    Sign, Paperless!

                                    Sign and send business documents on the go!

                                    Get Started Now

                                        Zoho SalesIQ Resources

                                            Zoho TeamInbox Resources

                                                    Zoho DataPrep Resources

                                                      Zoho DataPrep Demo

                                                      Get a personalized demo or POC

                                                      REGISTER NOW

                                                        Design. Discuss. Deliver.

                                                        Create visually engaging stories with Zoho Show.

                                                        Get Started Now

                                                                              • Related Articles

                                                                              • JWT for Authenticating Users in the ASAP Add-Ons

                                                                                Introduction Based on whether they choose to login to the ASAP add-on or not, end-users can be classified as guest users and authenticated users. Those who choose to not login are called guest users and those who choose to login are called ...
                                                                              • Working with the ASAP Add-On for the Web

                                                                                Introduction The ASAP add-on for websites makes your help center available within quick reach for your end-customers. By integrating this add-on with your website, you can provide your customers with easy access to your:  Customer support team (to ...
                                                                              • Working with the ASAP SDK for iOS

                                                                                SDK v2.0 Introduction The ASAP SDK for iOS makes help available within quick reach for the end-users of your iOS app. Using this SDK, you can create and customize an add-on that resides within your app and provides end-users with easy access to your: ...
                                                                              • Working with the ASAP SDK for React Native

                                                                                The ASAP SDK for React Native makes help available within quick reach for the end-users of your mobile app. Using this SDK, you can add and customize an add-on that resides within your iOS/Android app and provides end-users with easy access to your: ...
                                                                              • Generating nonces for the ASAP add-on

                                                                                Suppose your website or mobile app has a CSP (Content Security Policy) with script-src (a directive that controls a set of script-related privileges). In that case, you will not be able to embed the ASAP add-on using the regular code snippet. You ...
                                                                              Wherever you are is as good as
                                                                              your workplace



                                                                                Watch comprehensive videos on features and other important topics that will help you master Zoho CRM.


                                                                                Download free eBooks and access a range of topics to get deeper insight on successfully using Zoho CRM.


                                                                                Sign up for our webinars and learn the Zoho CRM basics, from customization to sales force automation and more.

                                                                                CRM Tips

                                                                                Make the most of Zoho CRM with these useful tips.

                                                                                  Zoho Show Resources