Invalid session when using JWT authentication or user access token

Guys please I need your help.

I’m trying to access HTTPS Endpoint using JWT or user access token

My JWT payload looks like this:

{
    "aud": "app_id",
    "sub": "user@mydomain.com",
    "iat": 1641459284,
    "exp": 1704459073
}

Now when I call the endpoint

curl --location --request POST 'https://eu-central-1.aws.data.mongodb-api.com/app/app_id/endpoint/someEndpoint?secret=1234 \
 --header 'jwtTokenString: My_JWT_Token' \
 --header 'Content-Type: application/json'

I get the following error:

{"error":"invalid session: error finding user for endpoint","error_code":"InvalidSession","link":"https://realm.mongodb.com/groups/error_log"}

I get the same error when calling the endpoint with the client access token in the header.

{"error":"invalid session: error finding user for endpoint","error_code":"InvalidSession","link":"https://realm.mongodb.com/groups/error_log"}

I tried verifying the access token, refreshing the access token, even deleting the user and creating it again without success.

However, if I call the endpoint by sending the email and the password in the request data, then it works.

I have been struggling with this problem for 3 days now :frowning: your help is very much appreciated.

Thanks in advance.

Hello @Mustafa_Al_Ani,

Thanks for raising this question.

Could you please help with some responses below:

  1. Could you please check if you have JWT Authentication enabled on the cloud? (under Authentication Providers)
  2. Where are you calling the HTTP endpoint from?

I look forward to your response.

Kind Regards,
Henna

Hi @henna.s,

  1. The custom JWT authentication is definitely enabled.
  2. I have tried different clients such as curl, postman, insomnia, and javascript. and I keep getting the same response.

Thank you very much for your help figuring this out :slight_smile:

/MA

1 Like

Hello @Mustafa_Al_Ani,

Could you share your Cloud Project link or your Realm App Id?

I look forward to your response.

Kind Regards,
Henna

Hello Mustafa,

Could you try these two actions:

  1. Please verify on jwt.io that your token is valid.
  2. Please write the token without the quotes like jwtTokenString: token

I look forward to your response.

Cheers,
Henna

Hi @henna.s ,
I have sent you the project id in a PM.
Regards,
Mustafa

Hello @Mustafa_Al_Ani,

Thanks for sharing the details. For future reference, Realm App Id is what you see on the Realm UI Dashboard, where you also see your App request details and logs. Here your App ID starts with sprt.

I am able to reproduce the error. It appears you are firing the request without authenticating the user. There are two ways that you can fix this:

  1. You authenticate the user first, and then send the request to the HTTP endpoint
  2. When you create the HTTP endpoint, you can turn user settings ON to create user upon firing request

I hope provided information is helpful.

Please don’t hesitate to ask if you have further questions.

Cheers,
Henna

1 Like

Thank you for getting back to me @henna.s , now there is something I don’t understand, when I authenticate a user (Username/Password provider) I get an access_token and a refresh_token.
Which I can’t use any way to request the HTTP endpoint.

I have tried different ways to use the access_token, could you please advise if it is even possible?