Apex Code Development You need to sign in to do that
Don't have an account?
GENERATE A JWT TOKEN for Salesforce Einstein Predictive Vision Service
Hi,
I am at the step Create a custom classifier/Set up authorization/Generate a JWT token.
When I run the script jwt.sh I get a response:
Your access token response:
{"message":"Invalid JWT token"}
I am on win10 64bit but don't have the anniversary update so I don't have bash coming with win10.
I have bash came with git.
As I don't have a valid JWT token I can not continue to "Step 1: Create the Dataset".
Please help.
Here is a more detailed output and my changes to the jwt.sh script:
Script output (with my password changed)
-------------------------------------------------------------------------------------------
$ ./jwt.sh ./00D0Y0000008amn.jks lajos.kelemen@accenture.com 3600 https://api.metamind.io
Enter destination keystore password: my_pass
Enter source keystore password: my_pass
Existing entry alias lkelemen_sf_devcert exists, overwrite? [no]: yes
Entry for alias lkelemen_sf_devcert successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
[Storing privateKey.p12]
MAC verified OK
Generated Assertion:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJsYWpvcy5rZWxlbWVuQGFjY2VudHVyZS5jb20iLCJzdWIiOiJsYWpvcy5rZWxlbWVuQGFjY2VudHVyZS5jb20iLCJhdWQiOiJodHRwczovL2FwaS5tZXRhbWluZC5pby92MS9vYXV0aDIvdG9rZW4iLCJleHAiOjE0NzYwODAzMTksImlhdCI6MTQ3NjA3NjcxOX0.EcvaPYv3bfA_HNsa_5tNFz6iajvprCee-kNfdSNMPHpgeMgWU3Z0LFt8AojJLNYZIzNydNarDtUbDkqhdpB_c2Ahi2xUhiy_ATnWaUWNrykROsv7dVu_l8smIb9s08N4mcllsDorNWcM9XWmVDlVgq4oegaeQhq2yCOuxn3jAb5IRlurXjSY125FTJs_3oE06vkZYieg6kxQYoeZiWvGfwhdgEB-szutrrXFgUEVKa5U_qj5HFQYlHV7yAcbRTxCc5vOwaAv7qCrjdFCfsmWXPlk-65DSoAFUXK12j6HbB-hHRimNrf-4lLz0mxMmDNC5HuLMHG8BOZMp6PDc19QBg
Your access token response:
{"message":"Invalid JWT token"}
-------------------------------------------------------------------------------------------
my script changes:
openssl pkcs12 -in privateKey.p12 -nocerts -nodes -out private_key
changed to (added -passin pass at the end)
openssl pkcs12 -in privateKey.p12 -nocerts -nodes -out private_key -passin pass:my_pass
-------------------------------------------------------------------------------------------
curl -H "Content-type: application/x-www-form-urlencoded" -X POST "$4/v1/oauth2/token" -d \
"grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=$jwt3.$jwt5" ; echo
changed to (added -k parameter to accept self signed certs?)
curl -k -H "Content-type: application/x-www-form-urlencoded" -X POST "$4/v1/oauth2/token" -d \
"grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=$jwt3.$jwt5" ; echo
I am at the step Create a custom classifier/Set up authorization/Generate a JWT token.
When I run the script jwt.sh I get a response:
Your access token response:
{"message":"Invalid JWT token"}
I am on win10 64bit but don't have the anniversary update so I don't have bash coming with win10.
I have bash came with git.
As I don't have a valid JWT token I can not continue to "Step 1: Create the Dataset".
Please help.
Here is a more detailed output and my changes to the jwt.sh script:
Script output (with my password changed)
-------------------------------------------------------------------------------------------
$ ./jwt.sh ./00D0Y0000008amn.jks lajos.kelemen@accenture.com 3600 https://api.metamind.io
Enter destination keystore password: my_pass
Enter source keystore password: my_pass
Existing entry alias lkelemen_sf_devcert exists, overwrite? [no]: yes
Entry for alias lkelemen_sf_devcert successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
[Storing privateKey.p12]
MAC verified OK
Generated Assertion:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJsYWpvcy5rZWxlbWVuQGFjY2VudHVyZS5jb20iLCJzdWIiOiJsYWpvcy5rZWxlbWVuQGFjY2VudHVyZS5jb20iLCJhdWQiOiJodHRwczovL2FwaS5tZXRhbWluZC5pby92MS9vYXV0aDIvdG9rZW4iLCJleHAiOjE0NzYwODAzMTksImlhdCI6MTQ3NjA3NjcxOX0.EcvaPYv3bfA_HNsa_5tNFz6iajvprCee-kNfdSNMPHpgeMgWU3Z0LFt8AojJLNYZIzNydNarDtUbDkqhdpB_c2Ahi2xUhiy_ATnWaUWNrykROsv7dVu_l8smIb9s08N4mcllsDorNWcM9XWmVDlVgq4oegaeQhq2yCOuxn3jAb5IRlurXjSY125FTJs_3oE06vkZYieg6kxQYoeZiWvGfwhdgEB-szutrrXFgUEVKa5U_qj5HFQYlHV7yAcbRTxCc5vOwaAv7qCrjdFCfsmWXPlk-65DSoAFUXK12j6HbB-hHRimNrf-4lLz0mxMmDNC5HuLMHG8BOZMp6PDc19QBg
Your access token response:
{"message":"Invalid JWT token"}
-------------------------------------------------------------------------------------------
my script changes:
openssl pkcs12 -in privateKey.p12 -nocerts -nodes -out private_key
changed to (added -passin pass at the end)
openssl pkcs12 -in privateKey.p12 -nocerts -nodes -out private_key -passin pass:my_pass
-------------------------------------------------------------------------------------------
curl -H "Content-type: application/x-www-form-urlencoded" -X POST "$4/v1/oauth2/token" -d \
"grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=$jwt3.$jwt5" ; echo
changed to (added -k parameter to accept self signed certs?)
curl -k -H "Content-type: application/x-www-form-urlencoded" -X POST "$4/v1/oauth2/token" -d \
"grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=$jwt3.$jwt5" ; echo
To validate your token, you'll need you public key from your certificate.
In the meanwhile, JWT tokens can be generated with a private key in many different ways. Here https://help.salesforce.com/HTViewHelpDoc?id=remoteaccess_oauth_jwt_flow.htm is an example of how to generate it in Java. Also, jwt.io is a convenient way to generate a token for testing. The jwt.sh script is just one example of how to generate a access token.
Hope this helps.
I wentto jwt.io but it is not clear to me how to generate a JWT there.
The other method using java seems to be even more difficult. I am not interested in generating JWT. I am interested in using the predictive vision service
public class VisionController {
public String getAccessToken() {
JWT jwt = new JWT('RS256');
jwt.cert = 'lkelemen_SF_devcert';
jwt.iss = 'developer.force.com';
jwt.sub = 'lajos.kelemen@accenture.com';
jwt.aud = 'https://api.metamind.io/v1/oauth2/token';
jwt.exp = '3600';
String access_token = JWTBearerFlow.getAccessToken('https://api.metamind.io/v1/oauth2/token', jwt);
System.debug('access token='+access_token);
return access_token;
}
.......
the log shows
15:11:51:365 USER_DEBUG [11]|DEBUG|access token=null
Is there any progress/solution?
Stuck in the same problem,
Is there any progress or help link to Develop things on Salesforce Einstein, or prediction services?
Hi!
I'm facing similar issue in generating token. I'm using jwt.sh. The error is 'Public Key not found'
PFB-
shalmali@shalmali-VirtualBox:~/api-utils$ ./jwt.sh /home/shalmali/Downloads/00D61000000KDSk.jks "xyz@gmail.com" 10800 https://api.metamind.io
Enter destination keystore password:
Enter source keystore password:
Existing entry alias certforeinstein exists, overwrite? [no]: yes
Entry for alias certforeinstein successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
[Storing privateKey.p12]
Enter Import Password:
MAC verified OK
Error outputting keys and certificates
3074291388:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:
3074291388:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:104:
3074291388:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:130:
private key:
header:
{"alg":"RS256","typ":"JWT"}
payload:
{"iss":"xyz@gmail.com","sub":"xyz@gmail.com","aud":"https://api.metamind.io/v1/oauth2/token","exp":1480433876,"iat":1480423076}
unable to load key file
3073681084:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY
Generated Assertion:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzYW1pdGFiaHBhd2RlQGRlbG9pdHRlLmNvbSIsInN1YiI6InNhbWl0YWJocGF3ZGVAZGVsb2l0dGUuY29tIiwiYXVkIjoiaHR0cHM6Ly9hcGkubWV0YW1pbmQuaW8vdjEvb2F1dGgyL3Rva2VuIiwiZXhwIjoxNDgwNDMzODc2LCJpYXQiOjE0ODA0MjMwNzZ9.
Your access token response:
{"message":"Public key not found"}
I get an error message like below when generated an OAuth token with cURL.
"Invalid JWT assertion"
any progress?
I have same issue "Invalid JWT assertion" related to Quick Start: Predictive Vision Service badge
What is the solution ?
Regards
I'd like to add that the current demo at https://metamind.readme.io/docs/apex-qs-create-classes starts out very clear but gets very confusing when you start talking about jwt.sub in step 12 of "Create the Apex Classes".
You instruct me to "update jwt.sub", but don't tell me what to do with jwt.sub after that. Should it also be saved as a discrete APEX class? If you click preview at the point you suggest, you get the frog but not the text under the frog, which I suspect is because I haven't updated my jwt.sub and haven't generated a token. There's no error message to indicate that anything is wrong...
I am referring to this link and using curl. When I paste the command in cmd to create datasets, getting error as "Invalid Access Token". Please help.
https://salesforcerealm.com/2020/03/07/authenticate-sfdx-using-jwt/