Signed JWT
To obtain access tokens securely, signed JWT assertions are used in Talkdesk AppConnect™, ensuring client authentication without sending sensitive credentials.
JWT for Retrieving Access Tokens
To list an app on Talkdesk AppConnect™, you must take these security measures when retrieving an access token:
1 - The client authentication must be made using a signed JWT assertion (as per the private_key_jwt mechanism of OpenID Connect) to avoid sending credentials in the request body.
2 - To use this authentication mechanism, a JWT with information about the client has to be signed. The client_assertion_type parameter must be set to urn:ietf:params:oauth:client-assertion-type:jwt-bearer, and the JWT has to be provided in the client_assertion parameter.
3 - For each Talkdesk® account that installs a partner app, you get a private/public key pair, in addition to a client ID and secret. These credentials are used to create the JWTs used to request an access token. The private key is provided to the customer in Base64-encoded PKCS#8 format.
The private key is not stored in Talkdesk systems. Talkdesk only stores the customer’s public key to validate the customer’s requests.
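One way to build the assertion described in steps 1 to 3, as an added example that is not Talkdesk's own code. The client ID, the token endpoint URL and the choice of signing algorithm by key type are assumptions, since the page does not specify them.

```javascript
// Added example (not Talkdesk code); Node.js standard library only.
const crypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");

// The private key arrives as Base64-encoded PKCS#8: decode to DER, then import.
function loadPrivateKey(pkcs8Base64) {
  const der = Buffer.from(pkcs8Base64, "base64");
  return crypto.createPrivateKey({ key: der, format: "der", type: "pkcs8" });
}

// private_key_jwt claims (OpenID Connect Core): iss and sub are the client ID,
// aud is the token endpoint, jti is unique per request, exp keeps it short-lived.
function buildClientAssertion({ clientId, tokenEndpoint, pkcs8Base64, ttlSeconds = 300 }) {
  const key = loadPrivateKey(pkcs8Base64);
  // Assumption: the page names no algorithm, so pick by key type (EC assumed P-256).
  const alg = key.asymmetricKeyType === "ec" ? "ES256" : "RS256";
  const now = Math.floor(Date.now() / 1000);
  const claims = { iss: clientId, sub: clientId, aud: tokenEndpoint,
    jti: crypto.randomUUID(), iat: now, exp: now + ttlSeconds };
  const signingInput =
    `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  // JWS needs the raw r||s ECDSA form (ieee-p1363), not Node's default DER.
  const sig = crypto.sign("sha256", Buffer.from(signingInput),
    { key, dsaEncoding: "ieee-p1363" });
  return `${signingInput}.${b64url(sig)}`;
}

// Form parameters that authenticate the client; no client secret is sent.
function clientAuthParams(assertion) {
  return new URLSearchParams({
    client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
    client_assertion: assertion,
  });
}

// Receiving side: the signature is checked with the stored public key only.
function verifyAssertion(jwt, publicKey) {
  const [head, body, sig] = jwt.split(".");
  return crypto.verify("sha256", Buffer.from(`${head}.${body}`),
    { key: publicKey, dsaEncoding: "ieee-p1363" }, Buffer.from(sig, "base64url"));
}

// Constructed demo input: a throwaway P-256 key stands in for the issued one.
const demo = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const demoJwt = buildClientAssertion({ clientId: "example-client-id",
  tokenEndpoint: "https://idp.example.invalid/oauth/token",
  pkcs8Base64: demo.privateKey.export({ format: "der", type: "pkcs8" }).toString("base64") });
console.log(verifyAssertion(demoJwt, demo.publicKey), clientAuthParams(demoJwt).toString());
```

The grant parameters for the token request are left to the caller; only the two client-authentication fields named above are produced here.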
API Reference
Troubleshooting
If you have questions or technical issues, please open a ticket using this form.