[JWT] Using component to secure REST service

Forge Component
Published on 2018-10-10 by João Almeida

Can this component also be used to secure a REST service that is exposed in OutSystems? Or can it only be used for existing REST services that are consumed?

Hi Kilian,

Yes it can. I had to prove that in a PoC last year.

Let me know if my quick answer is enough, or whether I have to dive into my archive and see if I have more detailed information that I am allowed to share.

Regards,

Daniel

Thanks for the quick answer Daniël. I'll probably be looking at this on Monday, but it'll save me the time to come up with something myself :). Have a nice weekend!

OK, did some source code browsing, but it seems my use case isn't entirely covered. At least, ideally I'd just want to specify a certificate subject to do the (asymmetric) encryption and decryption, but it seems I need to have the actual certificate file?

What I'd ideally need:

  1. Specifying the payload and certificate subject, create a JWT;
  2. Given a JWT and specifying the certificate subject, validate a JWT (client-side);
  3. Given a JWT and specifying the certificate subject, validate a JWT (server-side).


Just fyi, I ended up creating my own (limited) implementation, not using this component.

Hey Kilian,

Any chance you can integrate your implementation into this component? Your scenario may be common to others...

Thanks! :)

I don't think so. Or at least, not with considerable effort, and I'm not sure how useful it would be.

Kilian Hekhuis wrote:

I don't think so. Or at least, not with considerable effort, and I'm not sure how useful it would be.

There are some scenarios and use cases not covered by the current implementation; there are so many variations that it's difficult to cover them all. But if you can share your implementation I could try to integrate it or support that use case (I already have pending changes for the upcoming version).



Hi João,

For what it's worth, here are the Extension and eSpace that I created.

Mmm, it seems it won't attach an XIF?

Edit: let's try inside a ZIP.