"Invalid JWT" for uploading a package to update an existing submission using Microsoft Edge Add-ons API - help needed

[karlbecker]

Hello,
I could use some help ensuring the Microsoft Edge Add-ons API is working correctly. We configured it over a year ago and it worked great for many months, but in the last few months it has been failing.

I have followed the instructions on https://learn.microsoft.com/en-us/microsoft-edge/extensions-chromium/publish/api/using-addons-api and https://learn.microsoft.com/en-us/microsoft-edge/extensions-chromium/publish/api/addons-api-reference#upload-a-package-to-update-an-existing-submission , but I am getting the following error:

< HTTP/1.1 401 Unauthorized
< Content-Length: 48
< Content-Type: application/json
< Request-Context: appId=cid-v1:23f4<redacted>
< Date: Mon, 06 Nov 2023 21:48:00 GMT
* HTTP error before end of send, stop sending

Here's what I'm doing, along with the URLs I am using:

First I request the access token:

curl -X POST \
                -H "Content-Type: application/x-www-form-urlencoded" \
                -d "client_id=<redacted>-<reda>-<reda>-<reda>-<redacted>" \
                -d "scope=https://api.addons.microsoftedge.microsoft.com/.default" \
                -d "client_secret=<redacted>" \
                -d "grant_type=client_credentials" \
                -v "https://login.microsoftonline.com/<redacted>-<redacted>-<redacted>-<redacted>-<redacted>/oauth2/v2.0/token"

From that, I take the access_token value in the response, and put it straight into this request:

curl -H "Authorization: Bearer <very_long_string_redacted>" \
                 -H "Content-Type: application/zip" \
                 -X POST \
                 -T "myfilename.zip" \
                 -v "https://api.addons.microsoftedge.microsoft.com/v1/products/<redacted>-<reda>-<reda>-<reda>-<redacted>/submissions/draft/package"

When I do that, here's what's printed out:

*   Trying 20.72.73.155:443...
* Connected to api.addons.microsoftedge.microsoft.com (20.72.73.155) port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=US; ST=WA; L=Redmond; O=Microsoft Corporation; CN=api.addons.microsoftedge.microsoft.com
*  start date: Sep 18 13:11:29 2023 GMT
*  expire date: Jun 27 23:59:59 2024 GMT
*  subjectAltName: host "api.addons.microsoftedge.microsoft.com" matched cert's "api.addons.microsoftedge.microsoft.com"
*  issuer: C=US; O=Microsoft Corporation; CN=Microsoft Azure TLS Issuing CA 06
*  SSL certificate verify ok.
* using HTTP/1.x
> POST /v1/products/<redacted>-<reda>-<reda>-<reda>-<redacted>/submissions/draft/package HTTP/1.1
> Host: api.addons.microsoftedge.microsoft.com
> User-Agent: curl/8.1.2
> Accept: */*
> Authorization: Bearer <very_long_string_redacted>
> Content-Type: application/zip
> Content-Length: 4549099
> Expect: 100-continue
>
< HTTP/1.1 401 Unauthorized
< Content-Length: 48
< Content-Type: application/json
< Request-Context: appId=cid-v1:<redacted>
< Date: Mon, 06 Nov 2023 21:48:00 GMT
* HTTP error before end of send, stop sending
<
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
{ "statusCode": 401, "message": "Invalid JWT." }%

What might be wrong? The exact same two calls were working just a couple of months ago, but now seem to have stopped working.

I have also attempted to create a new secret today, just in case something was broken with the previous secret we've been using.

Thank you!

• Karl

[Bhuvana-Priya]

Hi,

Thank you for reaching out.

We are looking into this and will get back to you as soon as possible.

Regards,
Bhuvana

[karlbecker]

Hi @Bhuvana-Priya , any update on this? Our team would be able to even better support Edge Add-ons if this were fixed.

Thanks,
Karl

[ManikanthMSFT]

Hey @karlbecker, apologize for the delay in responding to your query. Could you please confirm was your issue resolved, or you are still looking for an update?

[karlbecker]

Still waiting for a solution @ManikanthMSFT

[ManikanthMSFT]

@karlbecker thank you for your response. I will once again forward this to our team for thorough verification. Once we hear back from them, I will respond to you as soon as possible.

In the meantime, could you please provide us with your seller ID?

Thank you for your patience.

[karlbecker]

Thanks @ManikanthMSFT - can you please contact me through a more formal method of communication so I can provide the seller ID in a more secure method?

[ManikanthMSFT]

@karlbecker could you please send us an email with your query and your seller ID? This will help us verify your details and assist you more effectively.

Also, note that I am closing this conversation so that we can have a single channel for better communication.

Thank you for your cooperation.