Adobe Campaign Standard

Thanks florent .

I have used this command to generate public and private keys .. from Service Account Integration

Hi Senthil,

Did it work for you? If you are still facing the problem, let us know.

Regards,

Amit

I tried creating the JWT token from Adobe IO Console. And I am faced with below error. I have used these commands to create private and public keys.

# create the certificate and private key using openssl

$ openssl req -nodes -text -x509 -newkey rsa:2048 -keyout secret.pem -out certificate.pem -days 356

# convert private key to DER format

$ openssl pkcs8 -topk8 -inform PEM -outform DER -in secret.pem  -nocrypt > secret.key

As far as using java to create tokens is concerned. I am able to create a JWT token with the same payload but that 's not working when I am using it to create the access token.

We are still facing this problem.

Any pointers will really help.

-Thanks

Senthil

Hi Senthil,

I just tried with my current implementation and it worked. I noticed I have one more line than you have in the payload:

    "https://ims-na1.adobelogin.com/s/ent_user_sdk": true,

    "https://ims-na1.adobelogin.com/s/ent_campaign_sdk": true,

This may not be the cause so can you also make sure that the private key is well formed?

• Starts with: -----BEGIN RSA PRIVATE KEY-----
• Ends with: -----END RSA PRIVATE KEY-----

Let me know,

Florent

Hi Florent,

Regarding the extra lines in the payload. Aren't these values generated automatically after the integration is completed? We don't have to manually add/delete anything, I believe.

And I checked my private key contents.

• It starts with -----BEGIN PRIVATE KEY-----
• It ends with -----END PRIVATE KEY-----

The word RSA is missing in both begin and end statements in my private key file.

I used these commands to generate the certificate and private keys(using Cygwin terminal).

Reference :  https://www.adobe.io/apis/cloudplatform/console/authentication/jwt_workflow.html

# create the certificate and private key using openssl

$ openssl req -nodes -text -x509 -newkey rsa:2048 -keyout secret.pem -out certificate.pem -days 356

# convert private key to DER format

$ openssl pkcs8 -topk8 -inform PEM -outform DER -in secret.pem  -nocrypt > secret.key

Is there any other way(commands) to generate these keys?

-Thanks

Senthil

Hi Senthil,

From what you describe, that should work. I'm surprised it doesn't. I'll try to investigate more on this.

In the meantime, do you have a way to try again from another machine?

• Generate the key
• Upload the new certificate
• Generate the JWT

I'm sorry that you're having this problem.

Let me know if you can try this.

Florent.

Hi Senthil,

Referring to the original problem statement you provided a screenshot from Postman. It shows that the JWT cannot be decoded.

For that just above the key-value section you have opted for form-data. Instead you need to use x-www-form-urlencoded. You will not get the error then.

Regards,
Vipul

Hi Florent,

I tried it from a different machine(created new certificate (uploaded and updated in the IO integration) and secret key. Again the same error occurred.

Is it possible that the key generation command that you are using is a different one? because the content of my private key file doesn't the word RSA in it.

-Senthil

Hi Vipul,

Thanks for the reply.

I changed the form content type from form-data to x-www-form-urlencoded and tried it again. Now also the JWT Token error is persisting.

Note: It's programmatically generated (which by the way worked the first time we did it ), access token got generated and events were being called/invoked as well.

Then I came across the way to generate JWT token by using Adobe IO JWT tab.

Since the error in postman is telling us that the jwt token is incorrectly formatted. I thought I should generate the JWT token from there instead of creating it myself(which anyway is not generating the access token).

JWT token is not getting generated through Adobe IO console too.

Is there anything else that might be wrong ?

Regards

-Senthil

Hi Senthil,

You should definitely have an RSA key pair if you used the given command so the fact that yours doesn't mention it should not be a problem. This is maybe due to the conversion to DER format.

I used an old key that I had generated some time ago the first time I integrated to Adobe I/O using a simple Mac terminal command, like ssh-keygen -t rsa

If you still don't manage get through this, I'd recommend contacting the Adobe I/O team here: Contact  They may have some insight about the recent changes that were made to the token part.

Florent

Hi Vipul,

Thanks for pointing out the incorrect content-type in content type in POSTMAN request. I am getting the access token as a response via Postman request with the JWT Token generated from Adobe IO console now.

Regards

Senthil

Hi Florent,
we are facing the same issue that is reported here: we managed to get the token when we use the JWT generated by the Adobe IO console, while we get a "JWT token is incorrectly formatted, and can not be decoded." message when we use a JWT programmatically generated (Java snippet taken fron documentation).

From this thread is not clear if the issue is tracked or resolved.

Can you give us some hints on this topic?

Thanks.

Fabio.

Hi Florent,

we find at long last an issue in documentation (Java snippet):

// Expiration time in seconds

Long expirationTime = 86400L;

Using setting this brings to generate an invalid JWT token.

If I correct using a value such as:

        // Expiration time in seconds

        Long expirationTime = 1523010380L;

(that is the value provided by default from the IO console)

the JWT is valid.

Please amend the documentation or provide a valid range of this paramenter.

Thanks.

Fabio

Hi,

Has anyone been able to determine a reason the API is generating errors? I'm getting the following error message in the response when I import my curl into Postman:

{"error_code": "401013",
"message": "Oauth token is not valid"

}

Per the previous suggestions I've generated a token using both:

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate_pub.crt

AND

openssl req -nodes -text -x509 -newkey rsa:2048 -keyout secret.pem -out certificate.pem -days 356

But neither seems to generate a valid JVT token.

The frustrating part is that, the first couple of times I did this, I received a valid response, something like the sample:

{

    "id": 438180,

    "name": "My new offer",

    "content": "<div>The content of the offer</div>",

    "modifiedAt": "2017-07-10T20:46:53Z"

}

For the past couple of days, no such luck.

Does anyone know what the root cause is?

I have same issue but still not get help from adobe help desk, last time they asked about environment which I have worked on and that`s it , whole day no response. My case number is 01165769.

{

    "error_description": "Could not match JWT signature to any of the bindings",

    "error": "invalid_token"

}

If you would help, I really appreciate it. Thank you

Hi, did you get the issue with 

when using Postman resolved in some way? or did it just start to work again?

I was also receiving an error and for me when I changed to x-www-form-urlencoded It worked just fine.