Using appUser scoped tokens in Smooch

Question

I am developing a widget that users in my company can use to communicate with end-users through Smooch.

The widget is accessible through the web browser and the communication goes mostly through a layer developed in node. However, I was trying to send attachments directly to Smooch to reduce the load in the server.

As I understand, it is necessary to use a token with a appUser scope to avoid issues with CORS.

I create the token using the following code

app.get('/getjwt', (req, res) => {
      var token = jwt.sign({ scope: 'appUser', userId: req.body.userId }, SECRET, { header: { 'alg': 'HS256', 'type': 'JWT', 'kid': '[app key ID]' } });
      res.send({ jwt: token });
});

I try to use the generated token (using Postman for tests) by making a request with Authorization Bearer [my generated token] and I get the following error:

{
    "error": {
        "code": "invalid_auth",
        "description": "Invalid JWT header. Missing key id (kid)"
    }
}

I have tried changing the 'kid' value to the app ID, the API key ID, and the API key Secret and I'm always getting the same error. What am I missing? Am I supposed to pass the Key ID somewhere else?

Thank you,

Answer 1

Your code works fine for me, what version of jsonwebtoken are you using? In v6.0.0 the headers option was renamed to header, so if you're using 5.x or lower your code should look like this instead

var token = jwt.sign({ scope: 'appUser', userId: req.body.userId }, SECRET, { headers: { 'alg': 'HS256', 'type': 'JWT', 'kid': '[app key ID]' } });

That said, Smooch already provides a fully functional web messenger / widget that you should use instead of attempting to build your own. It provides event hooks and methods to build a fully custom UI if that's what you're trying to achieve. See https://docs.smooch.io/guide/web-messenger/ and https://www.npmjs.com/package/smooch