openziti / ziti-console

https://openziti.io
Apache License 2.0

can't download ottca JWT #152

Closed qrkourier closed 1 year ago

qrkourier commented 1 year ago

Console v2.8.2 doesn't make a newly-created identity's JWT available for download when the identity is created with an ottca enrollment method.

In the list of /identities the console will need to parse the downloadable JWT from a different location than a (normal) identity that was created with the default enrollment method ott.

The following examples are from Ziti 0.28.4.

API view when default ott method

            "enrollment": {
                "ott": {
                    "expiresAt": "2023-07-17T20:12:51.947Z",
                    "id": "hh..sG5o2l",
                    "jwt": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6Im90dCIsImV4cCI6MTY4OTYyNDc3MSwiaXNzIjoiaHR0cHM6Ly96aXRpLWVkZ2UtY29udHJvbGxlcjoxMjgwIiwianRpIjoiNWEzNmUxNTgtNjQ3NS00OTNiLTllMzItODI2MjVlM2U5MDk5Iiwic3ViIjoiaE4uM3NHNU91In0.DoT65ZQvY5SIHmxKg5j7GAGlnEnXeUBxPEP8Y2ogiJ5vP8tWROeSjEd2OYKBDvxmVPxjXTDjzJAG-FYoho7zYlTugyar93uhDlS0g55VIuDFY4e_UmzrxisCcxFjWaNQ2gnndtP4ippIddQHdiCpFg6GkGYr2TFxDzD-j2C0pmFl6rwZ8xXJpzeD5K1DgO2Et99Hwfv5EOBnNyjPTqDgrln0DQW6mYJgYHUVCHaqBUh2YyVZqQqZY0_qcjwZu7UJb-FGPw2lHZI9wh9ORhtXpwm5usnFD45mAP-RTZfOfcLfgD5XIoHlYTyfqipcFzS9AMMG9G-Ou3-nSIcgk_srlTCbdN28qHz_wIlaBw0MNH8ukAjGHbQQzHR0NlfqI9KgPvlXKr6yci7gV9dsHxTYF-p8BS8LvEAzbJOR33UMiykzGaN_0sgUBzAr3Z4gPEuXUWHesuhfp6e86drnElDqCoSWv6ZN4Prghv1gZyRjJvZ0UorpWlfIz0X80kzjVbswf6WtXpppUs2qmYbGSlgbD_lHuvj_AAsEk8cXpFZZRcD5af_YwAuWSkESNxIZwOxEdj8tpdesbK412Mgda-pfOgZcdNhDIl7eYWu7PJcArlP2C-419OaJIsbmC-e1J7i2FkRXWj4LdVmdqq-j2sgnMdQTps2eV8CktfOiPYwr1RU",
                    "token": "5a36e158-6475-493b-9e32-82625e3e9099"
                }
            },

API view when ottca method

            "enrollment": {
                "ottca": {
                    "ca": {
                        "_links": {
                            "jwt": {
                                "href": "./cas/5L5JFo5dxKUFbiNXohMPll/jwt"
                            },
                            "self": {
                                "href": "./cas/5L5JFo5dxKUFbiNXohMPll"
                            }
                        },
                        "entity": "cas",
                        "id": "5L5JFo5dxKUFbiNXohMPll",
                        "name": "magenta"
                    },
                    "caId": "5L5JFo5dxKUFbiNXohMPll",
                    "expiresAt": "2023-07-18T17:09:03.031Z",
                    "id": "I5NtczBOun",
                    "jwt": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6Im90dGNhIiwiZXhwIjoxNjg5NzAwMTQzLCJpc3MiOiJodHRwczovL3ppdGktZWRnZS1jb250cm9sbGVyOjEyODAiLCJqdGkiOiJjM2FmODA0Yy0yOGMwLTQxNzgtYTYwMy1lNGJhYmQ5MmJmZTUiLCJzdWIiOiJJNU50Y3pCb3VsIn0.BK2-oTTl0VxxTcTJJM0oqPlt46_x-OqSjWeXUhJ-paSHXJN8dwUVrMLk6GNK7Kx7tgigxhRvS9wgHiH9QbETx7ngaQ4MiPZSNGNL6SHUq9RD3CJqlJ5IIZ1jvsWIeYXBAkqfnoo0b4dyQjB9i6jgne9bCeO0C0TbotNWGDJgaIENsIv-ElnH2puqBHkIA8bCBE_4d8KQ3KbnIhD_2hw9LoKjnh_qg5OjT8MznfbYPRIxvrYG3wryDwaP3XGr4PoYFbfx2WByz1MtT6OwMgAnO0ZHYZKhW6-udya2_Ripy7wTo574kC3als58ePE5x_mKf11tRWUTvpvkeEqfyvsaJugviYuaFo19nufNVeEYG0RR1Sy3N1UeakCj1wtR-jSBxHdwgcb65apFOsfAUA1G7wgkA0UrmHQ5OwOVfWwipcaveHLizArnH-TPjEh_cbt5dprWm_3OuArPbSiySDNYBbmIUOPeczly5LR__h_gThceV5Y4nuWApEPRMZ04SteD_EQG3Do5NiB7KXQhgVDsE2SD8c64uxUjK9kpOrVdZMgaW5giPy2aBaAX_VWQdbj9nDWBBqvvZbrih7m_rNCdHHohvrjLNbfcNEFYWY_ocJHtABVzyZceBcupiUPIT8AgKmTG4NCP9c_9GhCVdXO1z6zB90yz6lu4h8C87PpZxq0",
                    "token": "c3af804c-28c0-4178-a603-e4babd92bfe5"
                }
            },

Note about testing this

It won't be possible to test this with the console until after a related issue (#151) is solved, because the other issue prevents creating identities with the ottca enrollment method.
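As an added example (not code from ziti-console or the OpenZiti project), one way a client could read the enrollment JWT from either location shown in the API output above. The function names and the sample tokens are hypothetical and constructed; the `em` check relies on the payloads of the two tokens quoted in the issue, which decode to `"em":"ott"` and `"em":"ottca"`.

```javascript
// Added example: locate an identity's enrollment JWT under enrollment.ott or enrollment.ottca.
// Field names follow the API output quoted in the issue; function names are hypothetical.

// Decode the payload (second segment) of a JWT. The signature is NOT verified here.
function decodeJwtPayload(jwt) {
  const parts = typeof jwt === 'string' ? jwt.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(atob(parts[1].replace(/-/g, '+').replace(/_/g, '/')));
  } catch (e) {
    return null; // not base64url-encoded JSON
  }
}

// Return { method, jwt, expiresAt, expired } for the first enrollment carrying a JWT, else null.
function findEnrollmentJwt(identity, now = new Date()) {
  const enrollment = (identity && identity.enrollment) || {};
  for (const method of ['ott', 'ottca']) {
    const entry = enrollment[method];
    if (!entry || typeof entry.jwt !== 'string') continue;
    const claims = decodeJwtPayload(entry.jwt);
    // The "em" claim names the enrollment method; skip a token filed under the wrong key.
    if (!claims || claims.em !== method) continue;
    const expiresAt = new Date(entry.expiresAt);
    // A missing or unparsable expiresAt is treated as expired.
    return { method, jwt: entry.jwt, expiresAt, expired: !(expiresAt > now) };
  }
  return null;
}

// Constructed sample data: unsigned placeholder tokens, not real enrollments.
function sampleJwt(claims) {
  const b64url = (s) => btoa(s).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [b64url('{"alg":"RS256","typ":"JWT"}'), b64url(JSON.stringify(claims)), 'c2ln'].join('.');
}
const ottIdentity = { enrollment: { ott: {
  expiresAt: '2023-07-17T20:12:51.947Z', jwt: sampleJwt({ em: 'ott', exp: 1689624771 }) } } };
const ottcaIdentity = { enrollment: { ottca: {
  ca: { _links: { jwt: { href: './cas/EXAMPLE/jwt' } } }, // link under the CA entity; not read here
  caId: 'EXAMPLE', expiresAt: '2023-07-18T17:09:03.031Z',
  jwt: sampleJwt({ em: 'ottca', exp: 1689700143 }) } } };
```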

JeremyTellier commented 1 year ago

Fixed in 2.8.4