Help

Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
binarygiant
Reel Rookie
‎09-29-2023 10:47 AM

Public Key Endpoint only Exposes 1 Public Key [ROKU-PARTNER-SERVICE-2021-08-05-10-20]

Hey Roku community, I'm trying to decode webhook messages, but I'm running into a problem where the name of the key "kid" in the message payload is "ROKU-PARTNER-SERVICE-TEST-2023-09-29-17-16", but the link for Roku's public keys doe NOT contain this value, only "ROKU-PARTNER-SERVICE-2021-08-05-10-20".

How am I supposed to decode the message if there is no public key available at the specified endpoint (https://assets.cs.roku.com/keys/partner-jwks.json).

Documents used to come to this conclusion:
https://developer.roku.com/docs/developer-program/roku-pay/implementation/push-notifications.md#sale
https://developer.roku.com/docs/developer-program/roku-pay/implementation/push-notifications-jwt.md
https://developer.roku.com/docs/developer-program/roku-pay/implementation/push-notifications-jwt.md#...

 

public_keys_roku.png

Result: {"keys":[{"kty":"RSA","alg":"RS256","kid":"ROKU-PARTNER-SERVICE-2021-08-05-10-20","n":"tGgfIclcR9fLoz0w3yXOJytTMKI5zht9i2utQnllirQvXVc-tH8y9LVVdMNzsHZWm-aTUeTwV2hzXvP7FnuBMaMXe5ZkGXbY8f-VmPTWFZCyKUVV4gZaxt3SArpKBpM2jOqveljyiHNxc6cXHmIY-cr6uXn7je-S9BygPNr7oTCDb0GGw-Y7uWCPi5ZMY91q57exSxN1TtjbGI1Af2-voFMBA6UMIfbkERPmxhYNSvPqLyF3QEYhpAn5LC10pDxNC0JGo5giheL0Nlp4mNlaoVJ6bdcr1hCJrsoT-pYPBv9T8G5T2YoO20egPbAtjIelMiJOUbp3gi32YgcpYl8G8w","e":"AQAB"}]}

0 Kudos
Reply
1 REPLY 1
renojim
Community Streaming Expert
‎10-01-2023 03:31 PM

Re: Public Key Endpoint only Exposes 1 Public Key [ROKU-PARTNER-SERVICE-2021-08-05-10-20]

It looks like JWT-secured push notifications is relatively new.  I either never noticed it or decided I didn't need it and forgot it existed.  I do notice this note:

"This feature is currently in controlled availability. Contact Partner Success to enable JWT-secured push notification testing for your developer account."

https://developer.roku.com/docs/developer-program/roku-pay/quickstart/setting-up-web-services.md#tes...

It looks like for testing you want to use https://assets.cs.roku.com/keys/partner-jwks-test.json , but I don't see that "kid" there either.

That URL was found here:
https://github.com/rokudev/notification-receiver-sample/blob/main/src/main/java/com/roku/notificatio...

Roku Community Streaming Expert

Help others find this answer and click "Accept as Solution."
If you appreciate my answer, maybe give me a Kudo.

I am not a Roku employee.
0 Kudos
Reply
Need Assistance?
Welcome to the Roku Community! Feel free to search our Community for answers or post your question to get help.

Become a Roku Streaming Expert!

Share your expertise, help fellow streamers, and unlock exclusive rewards as part of the Roku Community. Learn more.