https://community.hubspot.com/t5/APIs-Integrations/SSO-for-Customer-Portal/m-p/1123082#M80906 <P>Hey, <SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"><a href="https://community.hubspot.com/t5/user/viewprofilepage/user-id/915500">@MD14</a></SPAN> Setting up SSO using JWT was sunset this year according to this note "<I>Please note: on February 5th, 2025, the ability to use SSO for new JWT applications was sunset. JWT-based applications configured for SSO prior to that date are not affected. Moving forward, it's recommended to use an Open ID Connect (OIDC) application instead</I>" — <A href="https://knowledge.hubspot.com/website-pages/set-up-single-sign-on-sso-to-access-private-content#:~:text=Please%20note%3A%20on%20February%205th%2C%202025%2C%20the%20ability%20to%20use%20SSO%20for%20new%20JWT%20applications%20was%20sunset.%20JWT%2Dbased%20applications%20configured%20for%20SSO%20prior%20to%20that%20date%20are%20not%20affected.%20Moving%20forward%2C%20it%27s%20recommended%20to%20use%20an%20Open%20ID%20Connect%20(OIDC)%20application%20instead." target="_blank"><STRONG>source</STRONG></A>.</P> <P>&nbsp;</P> <P>Best,</P> <P>Jaycee</P> Mon, 17 Mar 2025 05:49:09 GMT Jaycee_Lewis 2025-03-17T05:49:09Z https://community.hubspot.com/t5/APIs-Integrations/SSO-for-Customer-Portal/m-p/1122882#M80894 <P>Hi,</P><P>&nbsp;</P><P>I am trying to implement OIDC workflows in our authorisation server so that users in our application can access their tickets in the Customer Portal.</P><P>&nbsp;</P><P>Both the authorise and token endpoints are invoked and responses are sent as expected but Customer Portal shows up an error page that says there is no permission.</P><P>&nbsp;</P><P>I am not sure what exact details in JWT token are expected by Hubspot server.</P><P>&nbsp;</P><P>I have followed the OIDC section in this guide -&nbsp;<A href="https://knowledge.hubspot.com/website-pages/set-up-single-sign-on-sso-to-access-private-content?hubs_content=knowledge.hubspot.com/inbox/set-up-a-customer-portal&amp;hubs_content-cta=setting%20up%20SSO" target="_blank" rel="noopener">https://knowledge.hubspot.com/website-pages/set-up-single-sign-on-sso-to-access-private-content?hubs_content=knowledge.hubspot.com/inbox/set-up-a-customer-portal&amp;hubs_content-cta=setting%20up%20SSO</A></P><P>&nbsp;</P><P>&nbsp;</P><P>It would be of great help if anyone can guide me to debug the issue further. I can share the sample code that implements the OIDC endpoints.</P><P>&nbsp;</P><P>PS: I have been trying out the sample code in AWS Lambda with Function URLs.</P><P>&nbsp;</P><P>Thanks</P><P>- Manjunath</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MD14_0-1742120638756.png" style="width: 400px;"><img src="https://community.hubspot.com/t5/image/serverpage/image-id/141029iE979FCE25A05212B/image-size/medium?v=v2&amp;px=400" role="button" title="MD14_0-1742120638756.png" alt="MD14_0-1742120638756.png" /></span></P><P>&nbsp;</P> Sun, 16 Mar 2025 10:38:29 GMT https://community.hubspot.com/t5/APIs-Integrations/SSO-for-Customer-Portal/m-p/1122882#M80894 MD14 2025-03-16T10:38:29Z https://community.hubspot.com/t5/APIs-Integrations/SSO-for-Customer-Portal/m-p/1123082#M80906 <P>Hey, <SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"><a href="https://community.hubspot.com/t5/user/viewprofilepage/user-id/915500">@MD14</a></SPAN> Setting up SSO using JWT was sunset this year according to this note "<I>Please note: on February 5th, 2025, the ability to use SSO for new JWT applications was sunset. JWT-based applications configured for SSO prior to that date are not affected. Moving forward, it's recommended to use an Open ID Connect (OIDC) application instead</I>" — <A href="https://knowledge.hubspot.com/website-pages/set-up-single-sign-on-sso-to-access-private-content#:~:text=Please%20note%3A%20on%20February%205th%2C%202025%2C%20the%20ability%20to%20use%20SSO%20for%20new%20JWT%20applications%20was%20sunset.%20JWT%2Dbased%20applications%20configured%20for%20SSO%20prior%20to%20that%20date%20are%20not%20affected.%20Moving%20forward%2C%20it%27s%20recommended%20to%20use%20an%20Open%20ID%20Connect%20(OIDC)%20application%20instead." target="_blank"><STRONG>source</STRONG></A>.</P> <P>&nbsp;</P> <P>Best,</P> <P>Jaycee</P> Mon, 17 Mar 2025 05:49:09 GMT https://community.hubspot.com/t5/APIs-Integrations/SSO-for-Customer-Portal/m-p/1123082#M80906 Jaycee_Lewis 2025-03-17T05:49:09Z https://community.hubspot.com/t5/APIs-Integrations/SSO-for-Customer-Portal/m-p/1123091#M80910 <P>Hi Jaycee,</P><P>&nbsp;</P><P>Thanks for the reply.</P><P>&nbsp;</P><P>I have implemented OIDC in our server and as part of that change, we are required to return a token (in JWT format). The issue is that though there are no errors in the API response, the Customer Portal is not loading.</P><P>&nbsp;</P><P>Are there specific information that is required by Hubspot and also is the "Provider Authorisation endpoint and Provider Token endpoint" needs to be hosted in same domain ?</P><P>&nbsp;</P><P>Regards</P><P>- Manjunath</P><P>&nbsp;</P> Mon, 17 Mar 2025 06:06:56 GMT https://community.hubspot.com/t5/APIs-Integrations/SSO-for-Customer-Portal/m-p/1123091#M80910 MD14 2025-03-17T06:06:56Z