I am receiving a JWT token from an HTTP request and need assistance with validation.
Below is my code, which is trying to load a PEM file and pass to the TryVerifyToken method. The .LoadPemFile is not successful, so I am not sure of the implementation. Sorry, these PRIMs are new for me and docs are a bit scarce.
Define_Com Class(#PRIM_SRVM.HttpJsonWebTokenSignaturePSnnn) Name(#vToken)
Define_Com Class(#PRIM_SRVM.HttpJsonWebToken) Name(#vJWT)
Define_Com Class(#PRIM_CAPI.PublicKey) Name(#vKey)
Define Field(#vJWTAccessToken) Type(*string) Length(5000)
Define Field(#vValidToken) Type(*Boolean) Default(False)
Define Field(#vValidKey) Type(*Boolean) Default(False)
define field(#vPemFilePath) reffld(#FilePath)
* Load the PEM file
#vPemFilePath := '/PathToMyPEMfile.pem'
#vValidKey := #vKey.LoadPemFile( #vPemFilePath )
If (#vValidKey)
#vValidToken := #vToken.TryVerifyToken( #vJWTAccessToken #vJWT #vKey )
Endif
JWT Token Validation
Re: JWT Token Validation
To add some details for clarification:
We are using auth0.com (Okta product) to provide our customer bearer tokens for API authorization. Unlike Okta which I think has an API for token validation, auth0 requires clients (me) to validate tokens. Auth0 offers several SDKs to make this easy for the client, but Lansa has this baked into server modules.
So... Once the client has the token, they call our Integrator API function where I need to validate the token.
Obvious question, why not use VL REST API server modules... I'm an old dog and Integrator is my preferred http handler for various reasons, logging mostly. Also, we have unresolved issues with IBM native http and our client's frontend that cause Lansa VL http calls to fail at the handshake level. Integrator calls however are successful.
That said, VL Server Modules have introduced some very useful PRIMs for token validation, and I would like to utilize in a non-server module Integrator function somehow...
1) #PRIM_CAPI.PublicKey. Using the loadpemfile method, load auth0.com "signing keys". This pem file will be manually downloaded and stored on our IFS.
2) #PRIM_SRVM.HttpJsonWebTokenSignaturePSnnn). Using the TryVerifyToken method, validate the received token including the signature pem file.
3) PRIM_SRVM.HttpJsonWebToken access properties of the JWT (payload, claim, etc.)
Any help is greatly appreciated!
We are using auth0.com (Okta product) to provide our customer bearer tokens for API authorization. Unlike Okta which I think has an API for token validation, auth0 requires clients (me) to validate tokens. Auth0 offers several SDKs to make this easy for the client, but Lansa has this baked into server modules.
So... Once the client has the token, they call our Integrator API function where I need to validate the token.
Obvious question, why not use VL REST API server modules... I'm an old dog and Integrator is my preferred http handler for various reasons, logging mostly. Also, we have unresolved issues with IBM native http and our client's frontend that cause Lansa VL http calls to fail at the handshake level. Integrator calls however are successful.
That said, VL Server Modules have introduced some very useful PRIMs for token validation, and I would like to utilize in a non-server module Integrator function somehow...
1) #PRIM_CAPI.PublicKey. Using the loadpemfile method, load auth0.com "signing keys". This pem file will be manually downloaded and stored on our IFS.
Code: Select all
#xxx.LoadPemFile( '/filepath/N47jFkj1sZvchvL7zZzf0.pem' )Code: Select all
#yyy.TryVerifyToken( #JWTAccessToken #JWT #xxx )Any help is greatly appreciated!
Re: JWT Token Validation
Haven't done any JWT validation, but the learn.lansa.com site have a good document on JWT
using the new restful apis, have you reviewed that? :
https://learn.lansa.com/courses/take/la ... entication
maybe it can give you some pointers/reference to implement it as integrator service.
using the new restful apis, have you reviewed that? :
https://learn.lansa.com/courses/take/la ... entication
maybe it can give you some pointers/reference to implement it as integrator service.