Changing from Get to Post method of the url https://mysubdomain.zendesk.com/access/jwt

Forum|Forum|1 year ago
July 11, 2024
1 reply
0 views

sandhya

I have an web application through which users access the zendesk portal

Previous Code

$now = time();

$token = array(
"jti" => md5($now . rand()),
"iat" => $now,
"name" => $name
"email" => $email
);

$jwt = JWT::encode($token, ZendeskJWT::$key, 'HS256');

$url = "https://mysubdomain.zendesk.com/access/jwt?jwt=" . $jwt;
if ('' == $returnTo) {
$location = $url;
}

$location = $url . '&return_to=' . $returnTo;

header("Location: " . $location);
exit;

Current code
$now = time();

$token = array(
"jti" => md5($now . rand()),
"iat" => $now,
"name" => $name
"email" => $email
);

$jwt = JWT::encode($token, ZendeskJWT::$key, 'HS256');

$ch = curl_init();
$postData = json_encode([
'jwt' =>jwt,
'return_to' => ‘https://mysubdomain.zendesk.com’
]);
$headers = array(
"Content-Type: application/json",
);
curl_setopt_array($ch, array(
  CURLOPT_URL => 'https://mysubdomain.zendesk.com/access/jwt',
  CURLOPT_POST => true,
  CURLOPT_TIMEOUT => 60,
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_CUSTOMREQUEST => 'POST',
  CURLOPT_POSTFIELDS => $postData,
  CURLOPT_HTTPHEADER => $headers,
));

$response = curl_exec($ch);

if ($response && ($curlHttpCode == 200 || $curlHttpCode == 302)) {
$location = ‘https://mysubdomain.zendesk.com’;
header("Location: " . $location);
exit;
}

But the current code does not make me login to zendesk
when I redirect the user to return url on success it takes me back to my application as
https://my-app-admin.eventscloud.com/zendesk_sso.php?brand_id=10****20&locale_id=1&return_to=https%3A%2F%mysubdomain.zendesk.com%2Fagent&timestamp=1720694748

Can you please explain why?

J

Jakub20
Forum|Forum|1 year ago
July 25, 2024

Hello,

I've tried to troubleshoot your code and come up with a few points that may help you to correct it. Please note that this is only for instructional purposes and my knowledge of SSO is limited, though I tried to give it my best.

Your current code tries to handle the entire process via a server-side cURL POST request, which won't work due to the same-origin policy and the inability to set the required authentication cookies in the user's browser, as specified in the Zendesk documentation: https://support.zendesk.com/hc/en-us/articles/4408845838874-Enabling-JWT-single-sign-on

Current Code: You are making a POST request using cURL from your server.

Updated Approach: The JWT token is sent via a hidden HTML form that gets automatically submitted on the client side.

Updated Approach (Client-Side Form Submission):

$now = time();

$token = array(
"jti" => md5($now . rand()),
"iat" => $now,
"name" => $name,
"email" => $email
);

$jwt = JWT::encode($token, ZendeskJWT::$key, 'HS256');

// URL where Zendesk should redirect after successful authentication
$return_to = 'https://mysubdomain.zendesk.com';

$html = <<<EOT
<!DOCTYPE html>
<html>
<head>
<title>Redirecting...</title>
</head>
<body>
<form id="zendesk-sso-form" action="https://mysubdomain.zendesk.com/access/jwt" method="POST">
<input type="hidden" name="jwt" value="{$jwt}">
<input type="hidden" name="return_to" value="{$return_to}">
</form>
<script type="text/javascript">
document.getElementById('zendesk-sso-form').submit();
</script>
</body>
</html>
EOT;

echo $html;
exit;

By submitting the form on the client side, you adhere to Zendesk's documented requirements and ensure that the necessary cookies are set properly in the user's browser, enabling the SSO process to work as expected.

Like

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded