Invalid JWT Token following demo instructions

Using this template helps us debug your issues more effectively

Description
I have created an app with JWT authorization and am trying to test it with the curl command shown in the example,

curl --request GET \
--url 'https://api.zoom.us/v2/users?status=active&page_size=30&page_number=1' \
--header 'authorization: Bearer { your_token }' \
--header 'content-type: application/json

My command line:

curl --request GET --url "https://api.zoom.us/v2/users?status=active&page_size=30&page_number=1" --header "authorization: Bearer { }" --header "content-type: application/json"

I have followed instructions in other tickets such as regenerating the secret key and the token. I have checked that the token is not expired and that it validates.

Error

{"code":124,"message":"The Token's Signature resulted invalid when verified using the Algorithm: HmacSHA256"}

Which App Type (OAuth / Chatbot / JWT / Webhook)?

JWT

Which Endpoint/s?

Users

Screenshots (If applicable)

Additional context
Add any other context about the problem here.

Hi @MBlyth,

Thanks for reaching out about this, and happy to help. To clarify, how are you generating your token? Have you tried generating the token using the embedded token generator from your JWT App, and do you run into the same issue?

If you’re using a library to generate the token programmatically, it could be an issue with the library you’re using

Let me know—thanks,
Will

Thanks. I should have explained that in my question, right? I did create the token from the embedded generator. I haven’t gotten as far as using a library. Expiration was not an issue, and I tried several times. As I said, I did regenerate the secret key also, and tried to use the new token. Same problem.

A colleague generated a new token and used a Python library to successfully access the API with no problems. However, we both tried cURL with the same token and it failed. Apparently the example in the Zoom documentation is either incorrect or depends on some other settings or contingencies. (That’s the example I cited in my original question.)

Hey @MBlyth,

Ah, I see. Thanks for clarifying. Can you make sure that your cURL request isn’t missing a ' at the end of the last header and let me know if you still see the issue? It looks like our sample snippet is missing an end quote—we will work on updating this.

cc @shrijana.g

Let me know—thanks!
Will

It’s true that the example is missing the end quote, but my request (see initial post) wasn’t. I changed all the single quotes to double because singles were causing cURL to crash, but they are all paired correctly I think.

Hey @MBlyth,

Thank you for confirming—are you sending your cURL command directly from your console/terminal? Is there anything unique about your environment? I’m glad it’s working via Python script, etc., but I’m wondering if there might be something about your environment that could be throwing this error.

Thanks,
Will

No, nothing unique; I’m just copying it to a Windows 10 command line.

Thanks for confirming @MBlyth. Do you get the same error when copying the cURL command generated directly from Postman, for example?

OK, I finally found the error. The example shows ... Bearer { your_token } ... which I interpreted to mean that there should be brackets around the token. That was the whole problem. Remove the brackets and it works. For those like me who are new to all this, it would be good to clarify that in the documentation, but after the fact it makes perfect sense.

Thanks.

Hey @MBlyth,

I’m glad to hear that you resolved your issue! We’ll continue working to make our documentation clearer and use your feedback for that process.

Please don’t hesitate to reach out if you encounter any further issues or questions.

Thanks,
Max

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.