Signed JWT
JWT for Retrieving Access Tokens
To list an app on Talkdesk AppConnect™, you must take these security measures when retrieving an access token:
1 - The client authentication must be made using a signed JWT assertion (as per the private_key_jwt mechanism of OpenID Connect) to avoid sending credentials in the request body.
2 - To use this authentication mechanism, a JWT with information about the client has to be signed. The client_assertion_type parameter must be set to urn:ietf:params:oauth:client-assertion-type:jwt-bearer, and the signed JWT has to be provided in the client_assertion parameter.
3 - For each Talkdesk® account that installs a partner app, you get a private/public key pair, in addition to a client ID and secret. These credentials are used to create the JWTs that are used to request an access token. The private key is provided to the customer in Base64-encoded PKCS#8 format.
The private key is not stored in Talkdesk systems. Talkdesk only stores the customer’s public key to validate the customer’s requests.
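The flow described above, as an added example that is not Talkdesk code: the client loads a Base64-encoded PKCS#8 private key, signs a private_key_jwt assertion and builds the token request body, and the server side validates it with only the stored public key. The ES256 algorithm, the client_credentials grant, the 300-second lifetime, the function names, and the client ID and endpoint passed in by the caller are assumptions; the key pair is a throwaway generated for the demo.

```javascript
const nodeCrypto = require("crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");

// Load the key from the Base64-encoded PKCS#8 form in which it is delivered.
function loadPrivateKey(pkcs8Base64) {
  const der = Buffer.from(pkcs8Base64, "base64");
  return nodeCrypto.createPrivateKey({ key: der, format: "der", type: "pkcs8" });
}

// Client side: sign the assertion. Claim set follows OpenID Connect private_key_jwt.
function buildClientAssertion(clientId, tokenEndpoint, privateKey, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: "ES256", typ: "JWT" }; // assumption: page does not name the algorithm
  const claims = { iss: clientId, sub: clientId, aud: tokenEndpoint,
    jti: nodeCrypto.randomUUID(), iat: now, exp: now + 300 }; // short-lived, unique per request
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = nodeCrypto.sign("sha256", Buffer.from(input),
    { key: privateKey, dsaEncoding: "ieee-p1363" }); // JWS wants raw r||s, not DER
  return `${input}.${sig.toString("base64url")}`;
}

// Token request body: carries the assertion, never the client secret.
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: "client_credentials", // assumption: grant type is not stated on the page
    client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
    client_assertion: assertion,
  }).toString();
}

// Server side: validate using only the stored public key.
function verifyClientAssertion(jwt, publicKey, expectedAud, now = Math.floor(Date.now() / 1000)) {
  const parts = jwt.split(".");
  if (parts.length !== 3) return false;
  const [h, p, s] = parts;
  const decode = (x) => JSON.parse(Buffer.from(x, "base64url").toString("utf8"));
  if (decode(h).alg !== "ES256") return false; // pin the algorithm, never trust the header
  const sigOk = nodeCrypto.verify("sha256", Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: "ieee-p1363" }, Buffer.from(s, "base64url"));
  const c = decode(p);
  return sigOk && c.iss === c.sub && c.aud === expectedAud && c.exp > now;
}

// Constructed throwaway key pair, exported in the same Base64 PKCS#8 shape.
const demo = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
const DEMO_PKCS8_B64 = demo.privateKey.export({ type: "pkcs8", format: "der" }).toString("base64");
```

A production verifier would also reject a jti it has already seen within the assertion's lifetime, so a captured assertion cannot be replayed.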