Network Verify API unable to get JWT

[akshualy]

---

name: Bug report
about: Create a report to help us improve
title: 'Network Verify API unable to get JWT'
labels: ''
assignees: ''

I wasn't sure how to fill this, apologies.

---

Currently when using the SDK, in the endpoint listening to the callback/redirect URI the documented NetworkNumberVerification#verify method raises jwt.exceptions.InvalidKeyError: Could not parse the provided public key.

It is worth to note that I am using these SDKs with an Application ID and Secret Key from the Telekom portal.

Expected Behavior

The JWT should be able to be fetched and or created properly.

Current Behavior

Currently the JWT implementation at vonage_http_client/auth.py, specifically the line token = self._jwt_client.generate_application_jwt(claims), raises the above error in the JWT library.

Possible Solution

It could be that this is a problem with the Telekom overlay.

I have a working solution by calling these endpoints manually:

1. https://api-eu.vonage.com/v0.1/network-enablement
   a. With a JWT from https://docs.developer.telekom.com/en/jwt in the auth header
   b. With phone number, scopes (dpv:fraudprevention...), and state in the body
2. Follow the auth url from the response of 1 on the mobile phone in the carrier network
3. In the endpoint listening to the callback, post to https://api-eu-3.vonage.com/oauth2/token
   a. Again the JWT auth header
   b. grant_type, code from callback and redirect uri as "application/x-www-form-urlencoded"
4. Post to https://api-eu.vonage.com/camara/number-verification/v031/verify
   a. Auth header with the access token in the response of step 3
   b. phoneNumber in the JSON body
5. devicePhoneNumberVerified will be holding the state.

Looking at the code, it seems this is almost identically done by the SDK, there's just an issue with the JWT.

Something I noticed is that the SDK tries to add openid to the scopes, this is not needed for this verify flow.

Steps to Reproduce (for bugs)

1. Generate an auth URL using the SDK

import uuid

import vonage_http_client

from vonage import Vonage
from vonage_network_auth import CreateOidcUrl
from vonage_network_number_verification import (
    NetworkNumberVerification,
    NumberVerificationRequest,
)

vonage_client = Vonage(
    auth=vonage_http_client.Auth(
        application_id=os.environ["VONAGE_APP_ID"],
        private_key=os.environ["VONAGE_PRIVATE_KEY"],
    ),
)
network_verification = NetworkNumberVerification(
    http_client=vonage_client.http_client
)

state = f"v2{uuid.uuid4().hex[2:]}"
url_options = CreateOidcUrl(
    redirect_uri=(
        "redirect uri in the portal"
    ),
    state=state,
    login_hint=verification_request.phone_number,
)
auth_url = network_verification.get_oidc_url(url_options)
print(auth_url)

2. Follow the auth URL on the mobile device in the carrier's network, the callback will be given a code
3. Use the code to call verify

code = "from callback/redirect url"
response = network_verification.verify(
    NumberVerificationRequest(
        code=code,
        redirect_uri=(
            "redirect uri from the portal"
        ),
        phone_number=number_verification_request.phone_number,
    )
)

4. This step fails for me. I tested Telekom and O2 networks.

Context

As provided above, I have a working solution so I am not too affected. The SDK just makes it nicer to work with.
We are using this to verify user phone numbers that they entered.

Your Environment

• Version used: Python 3.12, SDK 4.4.0
• Environment name and version (e.g. language and server version): test & staging, English & German
• Operating System and version: Debian 11 and 12

If I have missed information, please let me know and I am happy to provide as much as I can.