How to use JWT in HTTP Request

Question

I have successfully got a VBA script to request Call Logs for my company. However, I have been using the Bearer token that is generated by the 'Try It Out' button. I want to run this script automatically so I generated a JWT Token and added it into my requestHeader as the token generated seems to expire after an hour or so. I then switched my app to use JWT auth flow, however, it is not quite right and now I can't switch back to Password-based for testing. Please let me know what I am missing from my code.EDIT: I tried with curl and it gives me OAU-149 Invalid token. I have double checked that it copied correctly and even generated a new JWT token. Neither work in curl either :(dateVars = Format(Date - 1, "YYYY-MM-DD") 
Set objHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
    Url = "https://platform.ringcentral.com/restapi/v1.0/account/~/call-log?direction=Inbound&direction=Outbound&type=Voice&view=Detailed&withRecording=false&dateFrom=" & dateVars & "T14%3A00%3A00.000Z&dateTo=" & dateVars & "T13%3A59%3A00.000Z&page=1&perPage=100"
    objHTTP.Open "GET", Url, False
    objHTTP.setRequestHeader "accept", "application/json"
    objHTTP.setRequestHeader "authorization", "Bearer <JWT TOKEN HERE>"

PhongVu · Answer

What you tried was incorrect. The JWT token is not an access token, but it is a user credential that you can use to get the access token and refresh token instead of using the user username and password. If you understand PHP, you can convert this function to VBA script for your app.

private function authenticate(){

      $url = $_ENV["RC_SERVER_URL"] . "/restapi/oauth/token";

      $basic = $_ENV["RC_CLIENT_ID"] .":". $_ENV["RC_CLIENT_SECRET"];

      $headers = array (

              'Content-Type: application/x-www-form-urlencoded; charset=UTF-8',

              'Accept: application/json',

              'Authorization: Basic '.base64_encode($basic)

            );

      $body = http_build_query(array (

              'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',

              'assertion' => $_ENV["JWT_TOKEN"]

            ));

      try {

        $ch = curl_init($url);

        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

        curl_setopt($ch, CURLOPT_POST, TRUE);

        curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);

        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

        curl_setopt($ch, CURLOPT_TIMEOUT, 600);

        curl_setopt($ch, CURLOPT_POSTFIELDS, $body);



        $strResponse = curl_exec($ch);

        $curlErrno = curl_errno($ch);

        if ($curlErrno) {

          throw new Exception($curlErrno);

        } else {

          $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

          curl_close($ch);

          if ($httpCode == 200) {

            $date = new DateTime();

            $jsonObj = json_decode($strResponse);

            $tokensObj = array(

              "tokens" => $jsonObj,

              "timestamp" => $date->getTimestamp()

            );

            // Logged in successfully => Save tokens in session or write to file/database for reuse

            $_SESSION['sessionAccessToken'] =  json_encode($tokensObj, JSON_PRETTY_PRINT);

            return;

          }else{

            throw new Exception($strResponse);

          }

        }

      } catch (Exception $e) {

        throw $e;

      }

    }

You can get the entire PHP project from my GitHub repo to learn more about how to use the refresh token to get a new access token if it expires.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded