JWT Token Validation

Posted: Sat Jan 21, 2023 6:35 am
by brayfield
I am receiving a JWT token from an HTTP request and need assistance with validation.

Below is my code, which is trying to load a PEM file and pass it to the TryVerifyToken method. The .LoadPemFile is not successful, so I am not sure of the implementation. Sorry, these PRIMs are new for me and docs are a bit scarce.

Define_Com Class(#PRIM_SRVM.HttpJsonWebTokenSignaturePSnnn) Name(#vToken)
Define_Com Class(#PRIM_SRVM.HttpJsonWebToken) Name(#vJWT)
Define_Com Class(#PRIM_CAPI.PublicKey) Name(#vKey)
Define Field(#vJWTAccessToken) Type(*string) Length(5000)
Define Field(#vValidToken) Type(*Boolean) Default(False)
Define Field(#vValidKey) Type(*Boolean) Default(False)
Define Field(#vPemFilePath) Reffld(#FilePath)

* Load the PEM file
#vPemFilePath := '/PathToMyPEMfile.pem'
#vValidKey := #vKey.LoadPemFile( #vPemFilePath )
If (#vValidKey)
   #vValidToken := #vToken.TryVerifyToken( #vJWTAccessToken #vJWT #vKey )
Endif

Re: JWT Token Validation

Posted: Tue Jan 24, 2023 5:44 am
by brayfield
To add some details for clarification:

We are using auth0.com (Okta product) to provide our customer bearer tokens for API authorization. Unlike Okta, which I think has an API for token validation, auth0 requires clients (me) to validate tokens. Auth0 offers several SDKs to make this easy for the client, but Lansa has this baked into server modules.

So... Once the client has the token, they call our Integrator API function where I need to validate the token.

Obvious question, why not use VL REST API server modules... I'm an old dog and Integrator is my preferred http handler for various reasons, logging mostly. Also, we have unresolved issues with IBM native http and our client's frontend that cause Lansa VL http calls to fail at the handshake level. Integrator calls however are successful.

That said, VL Server Modules have introduced some very useful PRIMs for token validation, and I would like to utilize them in a non-server module Integrator function somehow...

1) #PRIM_CAPI.PublicKey. Using the loadpemfile method, load auth0.com "signing keys". This pem file will be manually downloaded and stored on our IFS.

#xxx.LoadPemFile( '/filepath/N47jFkj1sZvchvL7zZzf0.pem' )

2) #PRIM_SRVM.HttpJsonWebTokenSignaturePSnnn. Using the TryVerifyToken method, validate the received token including the signature pem file.

#yyy.TryVerifyToken( #JWTAccessToken #JWT #xxx )

3) #PRIM_SRVM.HttpJsonWebToken. Access properties of the JWT (payload, claim, etc.)

Any help is greatly appreciated!
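An added example, not part of the posts above and not LANSA code: a Python pre-flight check that reports what a received token and a downloaded PEM file actually contain before they are handed to a key loader and a signature verifier. The `PS` family comes from the class name in the post; the expected `PUBLIC KEY` label, the function names and the sample token and PEM are assumptions constructed for illustration, and nothing here states what LoadPemFile accepts.

```python
import base64, json, re, time

def b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def preflight(token, pem_text, verifier_family="PS", expected_label="PUBLIC KEY", now=None):
    """Return findings that may explain a failed key load or verification.
    No signature is checked here, so header and claims remain untrusted."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return ["token is not a three-part compact JWS"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        return [f"header or payload does not decode: {exc}"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header or payload is not a JSON object"]
    findings = []
    alg = str(header.get("alg", ""))
    if not alg.startswith(verifier_family):
        findings.append(f"alg {alg!r} is outside the {verifier_family}nnn family")
    labels = re.findall(r"-----BEGIN ([A-Z0-9 ]+)-----", pem_text)
    if expected_label not in labels:  # expected_label is an assumption
        findings.append(f"PEM labels {labels} lack {expected_label!r}")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        findings.append(f"exp {exp!r} is missing or in the past")
    return findings

# Constructed sample: an RS256 header, a dummy signature, a certificate PEM stub.
SAMPLE_TOKEN = ".".join([
    b64url_encode({"alg": "RS256", "typ": "JWT", "kid": "example-kid"}),
    b64url_encode({"iss": "https://tenant.example/", "exp": 1700000000}),
    "c2lnbmF0dXJl",
])
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for line in preflight(SAMPLE_TOKEN, SAMPLE_PEM, now=1600000000):
        print(line)
```

An empty result only means the inputs are consistent with each other; the token is still unverified until the signature check succeeds.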

Re: JWT Token Validation

Posted: Tue Jan 24, 2023 7:31 am
by Dino
Haven't done any JWT validation, but the learn.lansa.com site has a good document on JWT using the new RESTful APIs. Have you reviewed that?

https://learn.lansa.com/courses/take/la ... entication

Maybe it can give you some pointers/reference to implement it as an Integrator service.