I am having an issue obtaining an access token using JWT too. I am getting "JWT token is incorrectly formatted, and can not be decoded" error whatever JWT token I use. Here is an example request I am doing
client_id and client_secret are obfuscated here, but they are correct when I'm getting the error since omitting or tampering one of them will result in a "client_id/client_secret are incorrect" error instead. Concerning the jwt_token, I tried various token, I tried base64 encoding the all token, etc. It is always returning the same "JWT token is incorrectly formatted" error. In the example, I used a JWT example from https://jwt.io/#debugger, so it is correctly formatted and can be decoded. I am not sure how is supposed to be formatted the jwt_token parameter value.
I was able to reproduce your issue and solve it. For me, the issue comes from the optional jti parameter. If your organization doesn't need this, just remove it. Otherwise you may have to handle it properly (increase it at each request).
you were right, thanks a lot for helping ! That's a shame the error message and the documentation are both so misleading about this... I was able to get an access token and i'm now trying to do a simple query as documented here: https://docs.campaign.adobe.com/doc/standard/en/adobeio.html. I went through all the available documentation, and our adobe campaign instance, and I have no idea how to build a proper endpoint URL. What is supposed to be the "tenant"? Can't find this information. I tried various URLs, and i'm getting various errors such as:
Oops. Something went wrong. Check your URI and try again.
Bearer token of a technical account must be accompanied with a valid service token
Hi Damien, thanks for helping. The JWT in my post was an example, but of course I tried with a proper JWT first. The error returned is not saying there is an issue with the content of the JWT, but that it is malformed and can't be decoded. That's why I also tried with a JWT from jwt.io which is known to be properly formed. So, either the error message is misleading, either my problem has nothing to do with the content of the JWT but its form.
Do you have an example of how the jwt_token parameter is supposed to look like? Should it be re-encoded with base64? Should I only pass the part after the "." ? I tried various JWT librairies, and they all properly encode / then decode the payload with my private key using RS256 algo. The only system complaining about not being able to decode the JWTs is the IMS adobelogin endpoint.