1

I was trying to setup a Named Credentials with JWT Token Exchange (i.e. not the basic "JWT" option) to use GCP Identity Federation and I got this error when doing an APEX Http callout:

EXCEPTION_THROWN [13]|System.CalloutException: Unable to complete the JWT token exchange. Error: invalid_request. Error description: subject_token must be nonempty..

The field "subject_token" is not exposed in the Salesforce GUI to configure. How can I solve this please ?

EDIT I understand that the JWT generation (with self-signed certificate or CA signed certificate) option in Named Credentials can be a solution but I am after a more automated and secure way through "JWT Token Exchange".

EDIT Unfortunately, the answer Generate JWT token for external app does not answer my question.

Adrian Larson
  • 149,971
  • 38
  • 239
  • 420
jldupont
  • 111
  • 4
  • 2
    NC won't do what you're after out of the box but it's easy to code it in Apex - see linked Q&A. – identigral Jun 13 '22 at 17:52
  • 1
    I know that Named Credentials with the simple JWT generation based on provisioned certificates will work (provided that the other side of connection verifies the JWT's signature) but I would like to use "JWT Token Exchange" for the added security & operational benefits. – jldupont Jun 13 '22 at 18:33
  • 2
    @jdupont Neither NC option (bearer or exchange) will work with GCP out of the box. NC won't send subject_token and there are more issues – identigral Jun 13 '22 at 18:42
  • 1
    @identigral Thanks for confirming my findings about subject_token. – jldupont Jun 14 '22 at 11:26

0 Answers0