SOLVED

Getting Error while generating Access Token (ACS- API)

Level 4

Hi,

I am trying to test the transactional messaging via Adobe Campaign Standard through an API call.

We have gone through the following references regarding usage of Adobe Campaign Standard APIs:

https://helpx.adobe.com/campaign/kb/working-with-acs-api.html

https://console.adobe.io/integrations

https://www.adobe.io/apis/cloudplatform/

https://docs.campaign.adobe.com/doc/standard/en/api/ACS_API.html

  • We have done the integration with ACS using Adobe I/O and have got the API Key (Client ID), Technical account ID, Technical account email, Organization ID, Client secret.
  • Using these values we generated a JWT Token (Java).
  • Further, with the JWT Token, we were able to generate the values Access Token, Token Type, and expires_in (Java).
  • Finally, we were able to invoke the event in ACS, following which we received an Email.

Now the issue that we are facing is that we are receiving this error while trying to generate the access token using the JWT and payload.

Server returned HTTP response code: 400 for URL: https://ims-na1.adobelogin.com/ims/exchange/jwt/

We checked it using Postman. We are getting the below error. But using the same JWT token we were able to generate an access token earlier. We did not change anything in our code.

Any guess what might be wrong here? We are stuck on this.

Any suggestion/help would be great.

Thanks

Senthil

20 Replies

Level 10

Hi Senthil,

Can you try to generate private/public keys using this (and then generating a new JWT token):

openssl req -nodes -text -x509 -newkey rsa:2048 -keyout secret.pem -out certificate.pem -days 356

openssl pkcs8 -topk8 -inform PEM -outform DER -in secret.pem -nocrypt > secret.key

instead of what is mentioned in the docs:

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate_pub.crt

There seems to be a known issue in some cases with this one.

Let me know,

Florent

Level 4

Thanks Florent.

I have used this command to generate public and private keys, from Service Account Integration.

Level 10

Hi Senthil,

Did it work for you? If you are still facing the problem, let us know.

Regards,

Amit

Level 4

I tried creating the JWT token from the Adobe IO Console, and I am faced with the below error. I have used these commands to create private and public keys.

# create the certificate and private key using openssl

$ openssl req -nodes -text -x509 -newkey rsa:2048 -keyout secret.pem -out certificate.pem -days 356

# convert private key to DER format

$ openssl pkcs8 -topk8 -inform PEM -outform DER -in secret.pem  -nocrypt > secret.key

As far as using Java to create tokens is concerned, I am able to create a JWT token with the same payload but that's not working when I am using it to create the access token.

Level 4

We are still facing this problem.

Any pointers will really help.

-Thanks

Senthil

Level 10

Hi Senthil,

I just tried with my current implementation and it worked. I noticed I have one more line than you have in the payload:

    "https://ims-na1.adobelogin.com/s/ent_user_sdk": true,

    "https://ims-na1.adobelogin.com/s/ent_campaign_sdk": true,

This may not be the cause so can you also make sure that the private key is well formed?

  • Starts with: -----BEGIN RSA PRIVATE KEY-----
  • Ends with: -----END RSA PRIVATE KEY-----

Let me know,

Florent

Level 4

Hi Florent,

Regarding the extra lines in the payload. Aren't these values generated automatically after the integration is completed? We don't have to manually add/delete anything, I believe.

And I checked my private key contents.

  • It starts with -----BEGIN PRIVATE KEY-----
  • It ends with -----END PRIVATE KEY-----

The word RSA is missing in both begin and end statements in my private key file.

I used these commands to generate the certificate and private keys (using Cygwin terminal).

Reference: https://www.adobe.io/apis/cloudplatform/console/authentication/jwt_workflow.html

# create the certificate and private key using openssl

$ openssl req -nodes -text -x509 -newkey rsa:2048 -keyout secret.pem -out certificate.pem -days 356

# convert private key to DER format

$ openssl pkcs8 -topk8 -inform PEM -outform DER -in secret.pem  -nocrypt > secret.key

Is there any other way (commands) to generate these keys?

-Thanks

Senthil

Level 10

Hi Senthil,

From what you describe, that should work. I'm surprised it doesn't. I'll try to investigate more on this.

In the meantime, do you have a way to try again from another machine?

  • Generate the key
  • Upload the new certificate
  • Generate the JWT

I'm sorry that you're having this problem.

Let me know if you can try this.

Florent.

Employee Advisor

Hi Senthil,

Referring to the original problem statement you provided a screenshot from Postman. It shows that the JWT cannot be decoded.

For that just above the key-value section you have opted for form-data. Instead you need to use x-www-form-urlencoded. You will not get the error then.

Regards,
Vipul

Level 4

Hi Florent,

I tried it from a different machine (created a new certificate (uploaded and updated in the IO integration) and secret key). Again the same error occurred.

Is it possible that the key generation command that you are using is a different one? Because the content of my private key file doesn't have the word RSA in it.

-Senthil

Level 4

Hi Vipul,

Thanks for the reply.

I changed the form content type from form-data to x-www-form-urlencoded and tried it again. Now also the JWT Token error is persisting.

Note: It's programmatically generated (which by the way worked the first time we did it), access token got generated and events were being called/invoked as well.

Then I came across the way to generate a JWT token by using the Adobe IO JWT tab.

Since the error in Postman is telling us that the JWT token is incorrectly formatted, I thought I should generate the JWT token from there instead of creating it myself (which anyway is not generating the access token).

JWT token is not getting generated through Adobe IO console too.

Is there anything else that might be wrong?

Regards

-Senthil

Level 10

Hi Senthil,

You should definitely have an RSA key pair if you used the given command so the fact that yours doesn't mention it should not be a problem. This is maybe due to the conversion to DER format.

I used an old key that I had generated some time ago the first time I integrated to Adobe I/O using a simple Mac terminal command, like ssh-keygen -t rsa

If you still don't manage to get through this, I'd recommend contacting the Adobe I/O team here: Contact. They may have some insight about the recent changes that were made to the token part.

Florent

Correct answer by
Level 4

Hi Florent,

The issue is resolved now. I opened a case with spphelp@adobe.com. They helped us with this.

While trying to create the JWT token in the Adobe IO console, I was copying the key without the following (only the key part of it).

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

So it turns out that the entire content of the private key has to be copied in order to generate the JWT token. I am able to generate it now.

Though the issue of the JWT token is resolved via the Adobe IO console, the initial issue is still not resolved.

When I am programmatically generating the JWT token, on further using this to generate the access token it is giving me errors.

Note: The JWT token generated through the Adobe IO console is different from the JWT token generated via a Java program. (Ref. Adobe document, Service Account Integration)

It's under the topic Create JWT. Adding a snip for reference. Please let me know if there is any update on this.

Level 4

Hi Vipul,

Thanks for pointing out the incorrect content type in the Postman request. I am getting the access token as a response via the Postman request with the JWT token generated from the Adobe IO console now.

Regards

Senthil

Level 2

Hi Florent,
We are facing the same issue that is reported here: we managed to get the token when we use the JWT generated by the Adobe IO console, while we get a "JWT token is incorrectly formatted, and can not be decoded." message when we use a JWT programmatically generated (Java snippet taken from documentation).

From this thread it is not clear if the issue is tracked or resolved.

Can you give us some hints on this topic?

Thanks.

Fabio.

Level 2

Hi Florent,

We found, at long last, an issue in the documentation (Java snippet):

// Expiration time in seconds

Long expirationTime = 86400L;

Using this setting generates an invalid JWT token.

If I correct it using a value such as:

        // Expiration time in seconds

        Long expirationTime = 1523010380L;

(that is the value provided by default from the IO console)

the JWT is valid.

Please amend the documentation or provide a valid range for this parameter.

Thanks.

Fabio
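The `exp` finding in the post above can be checked on any token before it is sent to the exchange endpoint. The following is an added example, not part of the thread or of Adobe's documentation: `check_exp` and `unsigned_token` are hypothetical names, the sample tokens and the two magnitude thresholds are constructed, and the check goes one step beyond the thread by also flagging an `exp` given in milliseconds.

```python
import base64
import json
import time


def _b64url(raw):
    """Encode bytes as unpadded base64url, the encoding JWT segments use."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def unsigned_token(claims):
    """Build a constructed sample token; the signature segment is a dummy."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.c2ln"


def check_exp(jwt, now=None):
    """Return a list of problems with a JWT's structure and exp claim.

    The signature is not verified; only the payload is inspected.
    """
    now = int(time.time()) if now is None else now
    parts = jwt.strip().split(".")
    if len(parts) != 3 or not all(parts):
        return ["not three non-empty dot-separated segments"]
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return ["payload is not base64url-encoded JSON"]
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return ["exp claim is missing or not a number"]
    if exp < 10**9:  # earlier than 2001-09-09, e.g. a lifetime such as 86400
        return ["exp looks like a lifetime in seconds, not an absolute Unix time"]
    if exp > 10**11:  # later than the year 5000: epoch milliseconds
        return ["exp looks like epoch milliseconds, not seconds"]
    if exp <= now:
        return ["exp is in the past"]
    return []


if __name__ == "__main__":
    # Both exp values are the ones quoted in the post above; "now" is constructed.
    for exp in (86400, 1523010380):
        print(exp, check_exp(unsigned_token({"exp": exp}), now=1522923980))
```

A token whose `exp` is 86400 carries an expiry of 2 January 1970, so it is rejected no matter how it was signed; the value has to be the current Unix time plus the intended lifetime.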

Level 4

Hi,

Has anyone been able to determine a reason the API is generating errors? I'm getting the following error message in the response when I import my curl into Postman:

{
    "error_code": "401013",
    "message": "Oauth token is not valid"
}

Per the previous suggestions I've generated a token using both:

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate_pub.crt

AND

openssl req -nodes -text -x509 -newkey rsa:2048 -keyout secret.pem -out certificate.pem -days 356

But neither seems to generate a valid JWT token.

The frustrating part is that, the first couple of times I did this, I received a valid response, something like the sample:

{

    "id": 438180,

    "name": "My new offer",

    "content": "<div>The content of the offer</div>",

    "modifiedAt": "2017-07-10T20:46:53Z"

}

For the past couple of days, no such luck.

Does anyone know what the root cause is?

Level 2

I have the same issue but still have not gotten help from the Adobe help desk. Last time they asked about the environment which I have worked on and that's it, whole day no response. My case number is 01165769.

{

    "error_description": "Could not match JWT signature to any of the bindings",

    "error": "invalid_token"

}

If you would help, I really appreciate it. Thank you

Community Advisor

Hi, did you get the issue with 

{

   "error_code": "401013",

   "message": "Oauth token is not valid"

}

when using Postman resolved in some way? Or did it just start to work again?

Level 3

I was also receiving an error, and for me, when I changed to x-www-form-urlencoded it worked just fine.