Adobe Campaign Standard

lorisg52723730 · 3/7/17

I am having an issue obtaining an access token using JWT too. I am getting "JWT token is incorrectly formatted, and can not be decoded" error whatever JWT token I use.
Here is an example request I am doing

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -H "Cache-Control: no-cache" -d 'client_id=***&client_secret=***&jwt_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.EkN-DOsnsuRjRO6BxXemmJDm3HbxrbRzXglbN2S4sOkopdU4IsDxTI8jO19W_A4K8ZPJijNLis4EZsHeY559a4DFOd50_OqgHGuERTqYZyuhtF39yxJPAjUESwxk2J5k_4zM3O-vtd1Ghyo4IbqKKSy6J9mTniYJPenn5-HIirE' "https://ims-na1.adobelogin.com/ims/exchange/jwt"

client_id and client_secret are obfuscated here, but they are correct when I'm getting the error since omitting or tampering one of them will result in a "client_id/client_secret are incorrect" error instead.
Concerning the jwt_token, I tried various token, I tried base64 encoding the all token, etc. It is always returning the same "JWT token is incorrectly formatted" error. In the example, I used a JWT example from https://jwt.io/#debugger, so it is correctly formatted and can be decoded.
I am not sure how is supposed to be formatted the jwt_token parameter value.

ddphotoFr · 3/9/17

Hello,

I was able to reproduce your issue and solve it. For me, the issue comes from the optional jti parameter. If your organization doesn't need this, just remove it. Otherwise you may have to handle it properly (increase it at each request).

Regards,

Damien

View solution in original post

ddphotoFr · 3/8/17

Hello,

you can follow process explain here https://docs.campaign.adobe.com/doc/standard/en/adobeio.html

But your payload (the part after the ".") is in your example

{ "sub": "1234567890", "name": "John Doe", "admin": true }

but to work, it must look like:

{ "exp" : <expiry_time>, "iss" : "<your_org_id@AdobeOrg>", "sub" : "<your_tech_account_id>@techacct.adobe.com", "aud" : "https://ims-na1.adobelogin.com/c/<your_api_key>", "https://ims-na1.adobelogin.com/s/ent_campaign_sdk" : True }

As explained in the documentation, you can also see common authentication page: https://www.adobe.io/products/target/docs/reference/authentication/StepstogainAPIaccess

Regards,

Damien

Prakash_s_sv · 3/12/21

Im trying from .Net using JWT.io or Jose.JWT.Encode(payload, rsa, Jose.JwsAlgorithm.RS256); but still im getting this error. "{\"error_description\":\"JWT token is incorrectly formatted, and can not be decoded.\",\"error\":\"invalid_token\"}"

lorisg52723730 · 3/8/17

Hi Damien, thanks for helping. The JWT in my post was an example, but of course I tried with a proper JWT first. The error returned is not saying there is an issue with the content of the JWT, but that it is malformed and can't be decoded. That's why I also tried with a JWT from jwt.io which is known to be properly formed. So, either the error message is misleading, either my problem has nothing to do with the content of the JWT but its form.

Do you have an example of how the jwt_token parameter is supposed to look like? Should it be re-encoded with base64? Should I only pass the part after the "." ? I tried various JWT librairies, and they all properly encode / then decode the payload with my private key using RS256 algo. The only system complaining about not being able to decode the JWTs is the IMS adobelogin endpoint.

ddphotoFr · 3/8/17

The format is correct:

<base64(header)>.<base64(payload)>.<base64(sign)>

Did you check the expiration time?

ddphotoFr · 3/9/17

Hello,

I was able to reproduce your issue and solve it. For me, the issue comes from the optional jti parameter. If your organization doesn't need this, just remove it. Otherwise you may have to handle it properly (increase it at each request).

Regards,

Damien

lorisg52723730 · 3/9/17

Hi Damien,

you were right, thanks a lot for helping ! That's a shame the error message and the documentation are both so misleading about this... I was able to get an access token and i'm now trying to do a simple query as documented here: https://docs.campaign.adobe.com/doc/standard/en/adobeio.html. I went through all the available documentation, and our adobe campaign instance, and I have no idea how to build a proper endpoint URL. What is supposed to be the "tenant"? Can't find this information. I tried various URLs, and i'm getting various errors such as:

Oops. Something went wrong. Check your URI and try again.
Bearer token of a technical account must be accompanied with a valid service token
Invalid Api Key

ddphotoFr · 3/15/17

Hi,

tenant is your organization name.

You may find it your marking cloud URL: https://<tenant_id>.marketing.adobe.com

So, if your Marketing Cloud URL is https://ac-sample.marketing.adobe.com, you should use

https://mc.adobe.io/ac-sample/campaign/{rest-of-url}

Damien

paragkaptel · 6/5/23

The client must have the exchange_jwt scope
I am having this error.

Adobe Campaign Standard

"JWT token is incorrectly formatted" error when trying to get an AdobeIO API access token

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe