OpenTok Rest Service Invalid JWT Error on Fiddler Request


I'm trying to create an OpenTok session through the REST services with a JWT object, as suggested. I tried to generate the session with Fiddler.

Here is my Fiddler request (the JWT string has been partially replaced with *** for security reasons):

POST https://api.opentok.com/session/create HTTP/1.1
Host: api.opentok.com
X-OPENTOK-AUTH: json_web_token
Accept: application/json
Content-Length: 172

eyJ0eXAiOiJKV1QiL******iOiJIUzI1NiJ9.eyJpc3MiOjQ1NzM******OiJkZW5l******XQiOjE0ODI3OTIzO***SOMESIGNEDKEYHERE***.izvhwYcgwkGCyNjV*****2HRqiyBIYi9M

I got a 403 {"code":-1,"message":"Invalid token format"} error, which probably means my JWT object is not correct. I tried creating it using http://jwt.io (as OpenTok suggests) and other sites, and all seems correct and very similar to the one on the TokBox (OpenTok) site.

I need an explanation to fix it and create a session.

Could it be because I am using the OpenTok trial?

[Screenshot: JWT creation parameters]

There are 2 answers

0
Tuğrul Karakaya (best answer)

OK, I have found the answer at last.

Your OpenTok API secret key should not be used directly as the sign parameter. In Java, as shown below, it should be encoded first.

Base64.encodeToString("db4******b51a4032a83*******5d19a*****e01".getBytes(),0)

I haven't tried it on http://jwt.io and Fiddler, but it seems it will work there too. Thanks. Full code is below:

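// Needs java.util.Date, the jjwt classes (io.jsonwebtoken.Jwts, SignatureAlgorithm)
// and a Base64 class with encodeToString(byte[], int), such as android.util.Base64.
Date currentTime = new Date();
Date fiveMinutesAdded = new Date(currentTime.getTime() + 5 * 60 * 1000);
String payload = Jwts.builder()
        .setIssuedAt(currentTime)
        .setIssuer("YOUR_OPENTOK_KEY")
        .setExpiration(fiveMinutesAdded)
        .claim("ist", "project")
        .setHeaderParam("typ", "JWT")
        // jjwt reads a String key as Base64 text, so the secret is Base64-encoded first
        .signWith(SignatureAlgorithm.HS256, Base64.encodeToString("YOUR_OPENTOK_SECRET".getBytes(), 0))
        .compact();
return payload;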

5
dubucha

I had the same problem. I resolved the error by setting the correct key-value pairs for the payload part.

An example of my payload in C# is as follows:

var payload = new Dictionary<string, object>()
{
    { "iss", "45728332" },
    { "ist", "project" },
    { "iat", ToUnixTime(issued) },
    { "exp", ToUnixTime(expire) }
};

The value of "ist" should be set to "project", not the actual name of your project.

Update: Looking at your screenshot, I can say you have not set the secret key (here, it's your ApiKeySecret from TokBox account > project) at the very bottom right.
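
The token both answers describe (HS256, with the claims iss, ist, iat and exp), built and then checked locally with only the Python standard library. This is an added example, not code from either answer or from OpenTok; the function names are hypothetical, the key and secret are constructed placeholders, and it assumes the HMAC key is the UTF-8 bytes of the API secret.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    # JWT segments are base64url with the '=' padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def sign(api_secret: str, signing_input: str) -> bytes:
    # Assumption: the HMAC-SHA256 key is the secret's UTF-8 bytes
    return hmac.new(api_secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_project_jwt(api_key, api_secret, now=None, ttl=300, ist="project"):
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", "alg": "HS256"}
    claims = {"iss": api_key, "ist": ist, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims))
    return signing_input + "." + b64url(sign(api_secret, signing_input))

def check_project_jwt(token, api_secret, now=None):
    """Return a list of problems found locally; an empty list means none."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["expected 3 dot-separated segments"]
    try:
        header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
        sig = b64url_decode(parts[2])
    except ValueError:
        return ["a segment is not valid base64url / JSON"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header and payload must be JSON objects"]
    problems = []
    if header.get("alg") != "HS256":
        problems.append("alg must be HS256")
    if not hmac.compare_digest(sig, sign(api_secret, parts[0] + "." + parts[1])):
        problems.append("signature does not match secret")
    if claims.get("ist") != "project":
        problems.append('"ist" must be "project"')
    problems += [f"missing {c}" for c in ("iss", "iat", "exp") if c not in claims]
    if isinstance(claims.get("exp"), int) and claims["exp"] <= now:
        problems.append("token expired")
    return problems

if __name__ == "__main__":
    # Constructed placeholder credentials, not real ones
    token = make_project_jwt("YOUR_OPENTOK_KEY", "YOUR_OPENTOK_SECRET")
    print(token, check_project_jwt(token, "YOUR_OPENTOK_SECRET"))
```

Running the check on a token before sending it separates a malformed or wrongly signed token from a server-side cause of the 403.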