Forum Discussion

HYPER.Kao's avatar
HYPER.Kao
Explorer
5 months ago

Meta Quest Attestation JWT token always Invalid Signature

Hi:

I am trying to use the Meta Quest Attestation API in the Unity  project
folowing the sample, I can get the jwt from Meta SDK all right,
but whenever I verify with api with `https://graph.oculus.com/platform_integrity/verify?token=<attestation_token>&access_token=<access_token>`
always getting Invalid signature.

I have tried on a published project's local build and an unpublished project's alpha build.
Both Attestation JWT yield Invalid Signature.

Do I miss something here?


question
Unity

9 Replies

  • 4tothefloor's avatar
    4tothefloor
    Meta Employee
    5 months ago

    Howdy!

    Sorry to hear that you're having trouble with the Attestation API, I get how that could be frustrating.

    We have some great documentation that covers the implementation of that particular API. In case you haven't checked it out already, I'll link it below. I'd recommend that you check out the Token verification section of that documentation specifically, as it mentions that error. 

    Let me know if you were able to figure out the issue, and if not please feel free to reach back out and we can troubleshoot further!

    Meta Quest Attestation API

    -G

    • HYPER.Kao's avatar
      HYPER.Kao
      Explorer
      5 months ago

      Hi:

      yes, I read the doc, but the verification step still giving me invalid signature.

      I can get the other api access like Monetization-Add-ons Server APIs (e https://graph.oculus.com/$APP_ID/viewer_purchases) working.
      I assume the access_token part is correct just as it is setup in other api.
      for the attestation token read from device log,  I can decode to read the content by jwt.io

      there is some requirements or limits for attestation API that missing so I get invalid signature.

      • 4tothefloor's avatar
        4tothefloor
        Meta Employee
        5 months ago

        Hi again!

        Thanks for confirming and the additional context. We're currently looking into the issue, and I may reach back out again if I have any questions or updates.

        -G

  • chenxiz's avatar
    chenxiz
    Meta Employee
    5 months ago

    Hi HYPER.Kao

    Could you please paste the complete output you received from your browser after visiting the following URL below?   

    https://graph.oculus.com/platform_integrity/verify?token=<attestation_token>&access_token=<access_token>

    Did you use the correct access token?
    Is your <access token> in the format OC|App_ID|App_Secret?

    • HYPER.Kao's avatar
      HYPER.Kao
      Explorer
      5 months ago

      if attestation_token was empty, i would get "invalid request"
      and if access_token was wrong, i would get "Invalid OAuth 2.0 Access Token"

      so yes, I am pretty sure those two fields werefilled with proper string

      • chenxiz's avatar
        chenxiz
        Meta Employee
        5 months ago

        Is your package name "com.gunraiders"?

        If so, we are getting "Empty String Parameter Exception". Could you please log (dump) the request parameters and try running the request in your browser? Then, let us know what output you see in the browser. This information will help us debug the issue more effectively.

        Thank you!

→ Find helpful resources to begin your development journey in Getting Started

→ Get the latest information about HorizonOS development in News & Announcements.

→ Access Start program mentor videos and share knowledge, tutorials, and videos in Community Resources.

→ Get support or provide help in Questions & Discussions.

→ Show off your work in What I’m Building to get feedback and find playtesters.

→ Looking for documentation?  Developer Docs

→ Looking for account support?  Support Center

→ Looking for the previous forum?  Forum Archive

→ Looking to join the Start program? Apply here.

 

Recent Discussions