Having trouble getting an JWT access token for auth on Poynt API calls (python3.5)

lon · January 6, 2017, 11:30pm

Hi,

I’m trying to test the Poynt cloud APIs and am having trouble getting the initial access token. I’ve followed the code available here https://github.com/poynt/python-sample and am using python3.5.

Here is the output from my script:

--REQUEST--
{'api-version': '1.2', 'Accept': '*/*', 'User-Agent': 'python-requests/2.12.4', 'Connection': 'keep-alive', 'Content-Length': '450', 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8', 'Accept-Encoding': 'gzip, deflate'}
grantType=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODM3NDU3NzcsInN1YiI6InVybjphaWQ6N2EwNjdkODgtNzQzOC00NGNjLThhYzktMzRlMjRjYWYxMWE0IiwianRpIjoiNWVlOWM5YmEtOGMzOS00NWE0LTg3NjYtYTU3MDBmMzE3MjIzIiwiaWF0IjoxNDgzNzQ1NDc3LCJhdWQiOiJodHRwczovL3NlcnZpY2VzLnBveW50Lm5ldCIsImlzcyI6InVybjphaWQ6N2EwNjdkODgtNzQzOC00NGNjLThhYzktMzRlMjRjYWYxMWE0In0.kbpr6CUuNhMRmcx_9Lxz1Pfyq7NxJ14WHS2v9FcASok

--RESPONSE--
401
{"code":"INVALID_ACCESS_TOKEN","httpStatus":401,"message":"Access token is missing or invalid.","developerMessage":"JWT is not a valid token.","requestId":"f1b7112c-3697-4cba-8a64-00d8d97bad21"}

Here is the actual code:

import jwt
import uuid
import requests
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import load_pem_private_key
from datetime import datetime, timedelta

POYNT_API_ENDPOINT = 'https://services.poynt.net'

APPLICATION_ID = '<your poynt application id>'
PRIVATE_KEY_FILE = '<your private key file>'


with open(PRIVATE_KEY_FILE) as keyfile:
    private_key = load_pem_private_key(bytes(keyfile.read(), 'utf-8'),
                                       password=None,
                                       backend=default_backend())

jwt_payload = {
    'exp': datetime.utcnow() + timedelta(seconds=300),
    'iat': datetime.utcnow(),
    'iss': APPLICATION_ID,
    'sub': APPLICATION_ID,
    'aud': POYNT_API_ENDPOINT,
    'jti': str(uuid.uuid4())
}

jwt_token = jwt.encode(jwt_payload, str(private_key), algorithm='HS256')

if __name__ == '__main__':
    token_endpoint = POYNT_API_ENDPOINT + '/token'

    headers = {
        'api-version': '1.2',
        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'
    }

    payload = {
        'grantType': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        'assertion': jwt_token
    }

    r = requests.post(token_endpoint, headers=headers, data=payload)
    print('\n--REQUEST--')
    print(r.request.headers)
    print(r.request.body)
    print('\n--RESPONSE--')
    print(r.status_code)
    print(r.text)

Any help would be appreciated!

lon · January 6, 2017, 11:38pm

Nevermind, it looks like I was using the wrong signing algorithm to generate the the request token. Here is code that is works (for posterity):

import jwt
import uuid
import requests
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import load_pem_private_key
from datetime import datetime, timedelta

POYNT_API_ENDPOINT = 'https://services.poynt.net'

APPLICATION_ID = '<your poynt application id>'
PRIVATE_KEY_FILE = '<your private key file>'


with open(PRIVATE_KEY_FILE) as keyfile:
    private_key = load_pem_private_key(bytes(keyfile.read(), 'utf-8'),
                                       password=None,
                                       backend=default_backend())

jwt_payload = {
    'exp': datetime.utcnow() + timedelta(seconds=300),
    'iat': datetime.utcnow(),
    'iss': APPLICATION_ID,
    'sub': APPLICATION_ID,
    'aud': POYNT_API_ENDPOINT,
    'jti': str(uuid.uuid4())
}

jwt_token = jwt.encode(jwt_payload, private_key, algorithm='RS256')

if __name__ == '__main__':
    token_endpoint = POYNT_API_ENDPOINT + '/token'

    headers = {
        'api-version': '1.2',
        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'
    }

    payload = {
        'grantType': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        'assertion': jwt_token
    }

    r = requests.post(token_endpoint, headers=headers, data=payload)
    print('\n--REQUEST--')
    print(r.request.headers)
    print(r.request.body)
    print('\n--RESPONSE--')
    print(r.status_code)
    print(r.text)