JWT(JSON Web Token) For Access Token

The oeCloud.io example jwt-for-access-token explains how to set up JWT for login so that the access token is issued in JWT format, and how to use the generated access token to access APIs.

What you’ll build

An oeCloud.io based application configured to use JWT for Access Token.

What you’ll need

  • You should have Node and NPM installed.

How to start with this guide

You can start from scratch and complete each step, or you can bypass basic setup steps that are already familiar to you.

To start from scratch, go to Getting Started.

Configuring app to use JWT for Access Token

  • Configuring the application to use JWT for Access Token is done by setting environment variables.
    • JWT_FOR_ACCESS_TOKEN - mandatory env variable; it must be set to true to enable JWT for Access Token.
    • JWT_CONFIG - optional env variable; if set, it must be stringified JSON in which the keys issuer, audience and secretOrKey are all mandatory. If the env variable is not set, the default value is
    {
      'issuer': 'mycompany.com',
      'audience': 'mycompany.net',
      'secretOrKey': 'secret'
    }
    
  • Now start the server with the command
$ node .

Working with JWT for Access Token

Assuming the server has already started successfully, without any issues:

  • Open the oeCloud.io API explorer

  • Click on the BaseUser model and go to /BaseUsers/login

  • POST the user login data, with username and password. Ex:

    {
      "username": "admin",
      "password": "admin"
    }
    
  • The access token is available in the success response of the previous POST, in the property id. Ex:

    {
      "tenantId": "default",
      "roles": [
          "admin"
      ],
      "department": "adminstration",
      "username": "admin",
      "userTenantId": "default",
      "id": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlcyI6WyJhZG1pbiJdLCJkZXBhcnRtZW50IjoiYWRtaW5zdHJhdGlvbiIsInRlbmFudElkIjoiZGVmYXVsdCIsInVzZXJUZW5hbnRJZCI6ImRlZmF1bHQiLCJ1c2VybmFtZSI6ImFkbWluIiwidHRsIjoxMjA5NjAwLCJ1c2VySWQiOiJhZG1pbiIsImlhdCI6MTUxMzc2MzE3MywiZXhwIjoxNTE0OTcyNzczLCJhdWQiOiJteWNvbXBhbnkubmV0IiwiaXNzIjoibXljb21wYW55LmNvbSJ9.AU5XBkktS_jw3uQOJ0HKcn0gLoA8DK6pEeJq3FsVeCA",
      "ttl": 1209600,
      "created": "2017-12-20T09:46:13.116Z",
      "userId": "admin"
    }
    
  • Set the access token in the oe-cloud Explorer and access APIs. This sends the JWT generated above as the access_token query parameter. Ex:

    Accessing /BaseUsers/session

    {
      "username": "admin",
      "tenantId": "default",
      "roles": [
        "admin"
      ]
    }
    
  • Authorization using the x-jwt-assertion header: the x-jwt-assertion header can also be used for authorization instead of passing the token as the access_token query parameter.

    Accessing /BaseUsers/session

    Header Name: x-jwt-assertion

    Header Value: the token generated using /BaseUsers/login.

    Ex: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlcyI6WyJhZG1pbiJdLCJkZXBhcnRtZW50IjoiYWRtaW5zdHJhdGlvbiIsInRlbmFudElkIjoiZGVmYXVsdCIsInVzZXJUZW5hbnRJZCI6ImRlZmF1bHQiLCJ1c2VybmFtZSI6ImFkbWluIiwidHRsIjoxMjA5NjAwLCJ1c2VySWQiOiJhZG1pbiIsImlhdCI6MTUxMzc2MzE3MywiZXhwIjoxNTE0OTcyNzczLCJhdWQiOiJteWNvbXBhbnkubmV0IiwiaXNzIjoibXljb21wYW55LmNvbSJ9.AU5XBkktS_jw3uQOJ0HKcn0gLoA8DK6pEeJq3FsVeCA

      {
        "username": "admin",
        "tenantId": "default",
        "roles": [
          "admin"
        ]
      }
    

Summary

Congratulations! You have successfully configured and tested JWT for Access Token for your application.