I have an Azure B2C instance configured. We use the Identity Experience Framework, because of some custom user journeys we have configured. In Hubspot, I am trying to verify SSO for private content on websites. I need to set up Single Sign On based on JWT in Hubspot https://knowledge.hubspot.com/website-pages/set-up-single-sign-on-sso-to-access-private-content
In Azure B2C I have configured a secret key. I entered this secret key inside the HubSpot configuration page. But this page only recognizes the key as HS256 and not as RS256. So I select HS256.
The id_token which I got back from Azure B2C, to Hubspot, has the following header:

    {
      "alg": "RS256",
      "kid": "VHk1fkTeXwU9BUfQ_19VUi2cwM0ONJPcUbttMJNmTx8",
      "typ": "JWT"
    }
When the id_token is sent back to Hubspot (after a successful user journey), the user gets redirected back to https://xxxx.eu/_hcms/mem/jwt/verify#id_token=eyJhbGcixxxxxxxxxx etc. and then the error below pops up.
The documentation of hubspot tells me:
TOKEN_VERIFICATION_FAILED: token may be empty, null, incorrect, or the query parameter is unsupported. We support “jwt”, “code”, “id_token”, and “access_token” query parameters.
I think this is because its alg is set to RS256. I have tried to change it to HS256, but I am stuck in that process. There are 3 small posts about it, but now I don't know what I can do... Some posts also tell me that Azure B2C only supports RSA?

- Azure AD B2C - Token validation does not work
- Validate Azure B2C tokens with symmetric HS256 secrets
- How can I change the OAuth token algorithm type from RS256 to HS256 in the Azure portal?
The last post looks promising, but that doesn't work.
Update: After some more digging I found the following posts from almost a year ago https://community.hubspot.com/t5/APIs-Integrations/JWT-SSO-for-Private-Content-Invalid-Requirements-and-AWS-Cognito/td-p/517582
Does anyone have some experience with this problem?
If you pasted the client secret from Azure AD B2C into the Hubspot Secret Key field, that's wrong. They are not the same. You will need the actual algorithm key Azure AD B2C uses internally.
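To make the two failure modes in this thread concrete, here is an added Python illustration (not code from the question, from HubSpot, or from Azure AD B2C): a consumer pinned to HS256, as the HubSpot secret-key setting implies, rejects a token whose header says RS256 before touching the signature, and an HS256 token verified with the wrong secret (for example an app client secret pasted in place of the HMAC key) fails the HMAC check. The RS256 sample token, its kid and the secrets below are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(part: str) -> bytes:
    """Decode a base64url JWT segment (JWTs strip the '=' padding)."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_header(token: str) -> dict:
    """Return the decoded JOSE header (first segment) of a compact JWT."""
    return json.loads(b64url_decode(token.split(".")[0]))

def make_hs256_token(claims: dict, secret: bytes) -> str:
    """Build a compact JWT signed with HMAC-SHA256 (constructed test input)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def sample_rs256_token() -> str:
    """Constructed token shaped like the Azure AD B2C id_token in the question:
    an RS256 header with a placeholder kid and a dummy (not real) signature."""
    header = {"alg": "RS256", "kid": "PLACEHOLDER-KID", "typ": "JWT"}
    parts = [json.dumps(header).encode(), json.dumps({"sub": "demo"}).encode()]
    return ".".join(b64url_encode(p) for p in parts) + ".AAAA"

def verify_hs256(token: str, secret: bytes) -> tuple:
    """Verify the way an HS256-only consumer (a HubSpot-style verifier holding
    a secret key) does: the alg is pinned, so an RS256 id_token is rejected
    before any signature check, and the wrong secret fails the HMAC compare."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    alg = jwt_header(token).get("alg")
    if alg != "HS256":
        return False, f"alg mismatch: expected HS256, got {alg}"
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        return False, "signature mismatch: wrong secret key"
    return True, "ok"
```

Pinning the expected algorithm rather than trusting the header's alg is also the standard defence against algorithm-confusion attacks on JWT verifiers.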