I am trying to implement salesforce einstein and trying to get authorization for their api's.
In the docs it is written:
Create the JWT payload. The payload is JSON that contains:
sub—Your email address. This is your email address contained in the Salesforce org you used to sign up for an Einstein Platform Services account.
aud—The API endpoint URL for generating a token.
exp—The expiration time in Unix time. This value is the current Unix time in seconds plus the number of seconds you want the token to be valid. For testing purposes, you can get the Unix time at Time.is.
The JWT payload looks like this JSON.
JSON
{
"sub": "<EMAIL_ADDRESS>",
"aud": "https://api.einstein.ai/v2/oauth2/token",
"exp": <EXPIRATION_SECONDS_IN_UNIX_TIME>
}
Sign the JWT payload with your RSA private key to generate an assertion. The private key is contained in the einstein_platform.pem file you downloaded when you signed up for an account. The code to generate the assertion varies depending on your programming language. If you're doing manual testing, you can generate an assertion using jwt.io.
How to generate the assertion string in python?
Found jwt processing can be done with pyjwt. https://pyjwt.readthedocs.io/en/latest/ But I'm confused with what exactly has to be done to get the assertion string.
Called the curl request to get response
curl -X POST \
https://api.einstein.ai/v2/oauth2/token \
-H 'Content-type: application/x-www-form-urlencoded' \
-H 'cache-control: no-cache' \
-d 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJodHRwczovL2FwaS5laW5zdGVpbi5haS92Mi9vYXV0aDIvdG9rZW4iLCJleHAiOjM2MDAsInN1YiI6ImJpdHR1LmNwcEBnbWFpbC5jb20ifQ.MHPzgIGThAwHzGCgEAHU8MyJafbIBQVuK_nW4f5ZUh8hN6eh50XbuP7YnDsCeTH0tIQA0OZlEveVnwnmvi1slnNEhad30NB76J-eLCBYK1xUnj2ZfESRaXxP65XMj_KRWdqgF9dMNLsjA08pPeFkBT1rSM8EmWxlCm_BuDPuQRt1zuSSdtWBInIeBafHhyMmdptTHMTeah0epZiyVhyiGscVkApU0bzhUG5AYGixEldemM6xATWs5EjEfZa-4kG26p2QhyHdjIno2n63nuq82A4Kna4GpHlo7QdqRvvUSDJFB_pM33s_LmMxGY_mNmUuDqpQdJ2k15OF9fvnVTUuVg&undefined='
But got answer as
{
"message": "Invalid JWT assertion"
}
Install pyjwt and cryptography first:
$ pip install pyjwt
$ pip install cryptography
Read your .pem file content and use that to generate assertion string like this:
import jwt
payload = {
"sub": "<EMAIL_ADDRESS>",
"aud": "https://api.einstein.ai/v2/oauth2/token",
"exp": "<EXPIRATION_SECONDS_IN_UNIX_TIME>" # UNIX timestamp (integer)
}
with open('einstein_platform.pem') as f:
assertion_string = jwt.encode(payload, f.read(), algorithm='RS256')
print(assertion_string)