We are in the process of implementing a server-side app and so far we have been able to achieve the validation of the provided JWT, including respecting the rules about expiration, but we have come across a problem.
The provided JWT expires one hour after it is sent to the app, but the system doesn't seem to reload or resend the JWT when the expiration happens, which means that we can't rely on it for authentication in the long run (our agents will have the app open the whole day).
Is there some way to force Zendesk to reload the support app or resend an updated JWT in some way?
The JWT is used to authenticate only on the initial page load, so the app will continue to have access regardless of token expiration until the app is closed. Once the app is closed and restarted, the auth flow will take place again which will refresh access with the JWT.
Here’s a link to the docs which go in to a bit more detail:
https://developer.zendesk.com/documentation/apps/app-developer-guide/using-the-apps-framework/#authenticating-zendesk-in-your-server-side-app
If you have any questions, feel free to reach out!
Tipene