[JWT] Using component to secure REST service

Forge Component
(8)
Published on 2018-10-10 by João Almeida
8 votes
Published on 2018-10-10 by João Almeida

Can this component also be used to secure a REST service that is exposed in OutSystems? Or can it only be used for existing REST services that are consumed?

Hi Kilian,

Yes it can. I had to prove that in a PoC last year.

Let me know if my quick answer is enough or that I have dive in my archive and see if i have more detailed information that I am allowed to share.

Regards,

Daniel

Thanks for the quick answer Daniël. I'll probably be looking at this on Monday, but it'll save me the time to come up with something myself :). Have a nice weekend!

Ok, did some source code browsing, but it seems my use case isn't entirely covered. At least, ideally I'd just want to specify a certificate subject to do the (asymetric) encryption en decryption, but it seems I need to have the actual certificate file?

What I'd ideally need:

  1. Specifying the payload and certificate subject, create a JWT;
  2. Given a JWT and specifying the certificate subject, validate a JWT (client-side);
  3. Given a JWT and specifying the certificate subject, validate a JWT (server-side).


Just fyi, I ended up creating my own (limited) implementation, not using this component.