JWT Generation Documentation Confusion

Description
Referring to this documentation: https://marketplace.zoom.us/docs/guides/auth/jwt

The sample provided for JWT being included as the Bearer for an API call has some consistency issues, or is missing information. Or I am completely missing something.

The guide indicates this:
A single JWT consists of three components: Header, Payload, and Signature with a . separating each. For example: aaaaa.bbbbb.ccccc

The sample API code at the end shows the bearer value:
"Bearer 39ug3j309t8unvmlmslmlkfw853u8"

This bearer value does not have three distinct parts separated by periods as the JWT example above shows.

Here is a token generated by the JWT App interface:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOm51bGwsImlzcyI6IkZXdWJXN0FCUVQtRS1KSk5iSkY3dHciLCJleHAiOjE1ODc2Njg0NTMtImlhdCI6MTU4NzA2MzY1NH0.XT7Lu99kDx7T5EuABHw1D8T5QEHsLvFZpaWwzv0H_3c
(slightly modified to make it an invalid token)

This token does have three distinct parts separated by periods.

However, the documentation for generating a JWT token does not indicate that the Header and Payload need to be encoded. In fact, it clearly states:
Note: Though protected against tampering, the information contained in the Header and Payload is readable by anyone. Do not store confidential information in either of these elements.

So my questions!

  1. How do you encode the Header and Payload so it has the appearance of the JWT App generated JWT token and not plain text?
  2. How do you take the three (Header, Payload, Signature) and further encode them in a way that is comparable to the sample “Bearer” value? Or does that sample Bearer value have an invalid format?

Error
No error, yet. Developing the integration.

Which App Type (OAuth / Chatbot / JWT / Webhook)?
JWT

Which Endpoint/s?
None yet.

How To Reproduce (If applicable)
N/A

Screenshots (If applicable)
N/A

Additional context
N/A

Hi @kmwill23, my apologies for any confusion this has caused. The token in that cURL is intended to be a non-encoded JWT; for brevity it’s just a sample string. I can see how this is confusing. I’ve updated the documentation to be more clear.

curl --request GET \
  --url 'https://api.zoom.us/v2/users?status=active&page_size=30&page_number=1' \
  --header 'authorization: Bearer { your_token }' \
  --header 'content-type: application/json
1 Like

I had a feeling it would be something like this! Thank you Michael.

1 Like

Let us know if you have additional questions! :slight_smile:

-Tommy