Signed JWT

JWT for Retrieving Access Tokens

To list an app on Talkdesk AppConnect™, you must take these security measures when retrieving an access token:

1 - The client authentication must be made using a signed JWT assertion (as per the private_key_jwt mechanism of OpenID Connect) to avoid sending credentials in the request body.

2 - To use this authentication mechanism, a JWT with information about the client has to be signed. The client_assertion_type parameter must be set to urn:ietf:params:oauth:client-assertion-type:jwt-bearer, and the JWT in the client_assertion parameter has to be provided.

3 - For each Talkdesk® account that installs a partner app, you get a private/public key pair, in addition to a client’s ID and secret. These credentials are used to create JWT tokens used to request an access token. The private key is provided to the customer in Base64-encoded PKCS#8 format.

📘

The private key is not stored in Talkdesk systems. Talkdesk only stores the customer’s public key to validate the customer’s requests.


Did this page help you?