0

I'm trying to create an OpenTok session through the REST services with a JWT object, as suggested. I tried to generate the session with Fiddler.

Here is my Fiddler request (the JWT string has been partially replaced with *** for security reasons):

```
POST https://api.opentok.com/session/create HTTP/1.1
Host: api.opentok.com
X-OPENTOK-AUTH: json_web_token
Accept: application/json
Content-Length: 172

eyJ0eXAiOiJKV1QiL******iOiJIUzI1NiJ9.eyJpc3MiOjQ1NzM******OiJkZW5l******XQiOjE0ODI3OTIzO***SOMESIGNEDKEYHERE***.izvhwYcgwkGCyNjV*****2HRqiyBIYi9M
```

I got a 403 {"code":-1,"message":"Invalid token format"} error, which probably means my JWT object is not correct. I tried creating it using http://jwt.io (as OpenTok suggests) and other sites, and all seems correct and very similar to the one on the TokBox (OpenTok) site.

I need an explanation to fix it and create a session.

Could it be because I am using the OpenTok trial?

(Screenshot: JWT creation parameters)

2 Answers

0

I had the same problem. I resolved the error by setting the correct key-value pairs for the payload part.

An example of my payload in C# is as follows:

```csharp
var payload = new Dictionary<string, object>()
{
    { "iss", "45728332" },
    { "ist", "project" },
    { "iat", ToUnixTime(issued) },
    { "exp", ToUnixTime(expire) }
};
```

The value of "ist" should be set to "project", not the actual name of your project.

Update: Looking at your screenshot, I can say you have not set the secret key (here, it's your ApiKeySecret from TokBox account > project) at the very bottom right.

dubucha
  • Is `ist` equal to "project", not "myprojectname"? Really? Must be kidding... Let me try it. I'll let you know the result. – Tuğrul Karakaya Dec 28 '16 at 10:39
  • Just a little background on `ist`: TokBox uses other claims at the user and account levels, in different contexts. This field is needed to disambiguate different issuer claim types. – wobbals Dec 28 '16 at 19:17
  • @TuğrulKarakaya So, how did it go? Did you fix the problem? – dubucha Dec 28 '16 at 21:37
  • I tried using the old method `connection.setRequestProperty("X-TB-PARTNER-AUTH", "45737392:db4****b51a4032a838**4c865d19****01");` My code gets the sessionID correctly from the REST service. This means my Java code for calling the service is OK. But trying to use the new and suggested method with a payload still gives a 403 error. I tried all possibilities. Please find my code below: – Tuğrul Karakaya Dec 29 '16 at 14:43
  • Here is my payload creator: `payload = Jwts.builder() .setIssuedAt(currentTime) .setIssuer("45737392") .setExpiration(afterAddingFiveMins) .claim("ist", "project") .signWith(SignatureAlgorithm.HS256, "db4fde14b51a4032*********c865d19a14be01") .compact(); return payload;` But even if I created the payload on jwt.io, it is still not working. Strange. Any idea, @R.Cha? – Tuğrul Karakaya Dec 29 '16 at 14:49
0

OK, I have found the answer at last.

Your OpenTok API secret key should not be used directly as the sign parameter. In Java, as shown below, it should be encoded first.

```java
Base64.encodeToString("db4******b51a4032a83*******5d19a*****e01".getBytes(),0)
```

I haven't tried it on http://jwt.io and Fiddler, but it seems it will work there too. Thanks. The full code is below:

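```java
import android.util.Base64; // assumed: its encodeToString(byte[], int) matches the call below
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;

String createToken() {
    Date currentTime = new Date();
    Date fiveMinutesAdded = new Date(currentTime.getTime() + 5 * 60 * 1000);
    String payload = Jwts.builder()
            .setIssuedAt(currentTime)
            .setIssuer("YOUR_OPENTOK_KEY")
            .setExpiration(fiveMinutesAdded)
            .claim("ist", "project")
            .setHeaderParam("typ", "JWT")
            .signWith(SignatureAlgorithm.HS256, Base64.encodeToString("YOUR_OPENTOK_SECRET".getBytes(), 0))
            .compact();
    return payload;
}
```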
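
The key-handling point from the second answer, as an added example that is not code from either answer: jjwt's `signWith(SignatureAlgorithm, String)` treats the string as a Base64-encoded key, which the hypothetical helper `key_as_library_sees_it` models here. The credentials are constructed, and `verify` assumes the server computes the HMAC over the raw secret bytes.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample credentials, not real OpenTok values.
API_KEY = "12345678"
API_SECRET = "0123456789abcdef0123456789abcdef01234567"


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_token(key_bytes: bytes, now: int, ttl: int = 300) -> str:
    """HS256 JWT carrying the claims used in the answers: iss, ist, iat, exp."""
    header = {"typ": "JWT", "alg": "HS256"}
    claims = {"iss": API_KEY, "ist": "project", "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key_bytes, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify(token: str, secret: str) -> bool:
    """Assumed server-side check: HMAC keyed with the raw secret bytes."""
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(secret.encode(), signing_input.encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(b64url(expected), sig)


def key_as_library_sees_it(key_string: str) -> bytes:
    """Hypothetical model of an API that reads its string key as Base64 text."""
    return base64.b64decode(key_string)


now = int(time.time())
# Secret passed as-is: the library Base64-decodes it, so the HMAC key is wrong.
wrong = build_token(key_as_library_sees_it(API_SECRET), now)
# Secret Base64-encoded first: decoding restores the raw secret bytes.
encoded_secret = base64.b64encode(API_SECRET.encode()).decode()
right = build_token(key_as_library_sees_it(encoded_secret), now)
print("secret passed directly verifies:", verify(wrong, API_SECRET))
print("secret Base64-encoded first verifies:", verify(right, API_SECRET))
```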