Reactive Web: Implementing JWT (Tokens in Client Variables)

We are new to OutSystems and we're kind of struggling to find the best approach for implementing JWT in ReactiveWeb. The JWT side is perfectly fine. What we are struggling with is where the token should be stored client side.

Our current thought process is to use a client variable to store the token. We are able to read/write the variable just fine at the client level. However, we can't figure out how to use the client variable at the Server Action level.

Our web blocks pull data from an external database using a Data Action at start. We cannot access the client variable from these Data Actions because of the "The environment you're logged into doesn't support 'Client Variables in Data Sources'." error. 

Additionally, we are using a microservice pattern with external database connections, so all of our data usage is via exposed/consumed REST APIs. We are using the 'OnBeforeRequest' action and want to do some token checking there. Again, we cannot access the client variable from this scope.


Are we fundamentally going about this all wrong? What would/should be the proper implementation for this case? Of course, we can store the token in the database, but we don't want to be making that many database calls (our tokens will expire in 60-120 seconds). Thoughts, suggestions, ideas?

Solution

Hi. 

You need to send your token as an input parameter from the client side to the server actions that need that parameter, and send it to all the server actions that you need.

Now, to perform the token validation on the OnBeforeRequest, I'd recommend adding a new input that is sent in the header and then finding that header in the headers List of the request to get the token's value, using a ListIndexOf for example.


Gabriel
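The header-based check described in the answer above, written out in plain JavaScript for Node.js as an added example; it is not part of the original thread and is not OutSystems code. The `Authorization: Bearer` header, the HS256 shared secret, the `{ Name, Value }` header records and all function names are assumptions for illustration.

```javascript
// Added example (plain Node.js, not OutSystems code). Header name, HS256 secret,
// { Name, Value } header records and function names are illustrative assumptions.
const crypto = require('crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Constructed helper: issues a short-lived HS256 token (the thread mentions 60-120 s expiry).
function signToken(claims, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const sig = crypto.createHmac('sha256', secret).update(`${header}.${payload}`).digest('base64url');
  return `${header}.${payload}.${sig}`;
}

// Counterpart of locating the header in the request's header list (ListIndexOf).
// HTTP header names are case-insensitive, so compare in lower case.
function findBearerToken(headers) {
  const idx = headers.findIndex((h) => h.Name.toLowerCase() === 'authorization');
  if (idx === -1) return null;
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(headers[idx].Value);
  return m ? m[1] : null;
}

// Check run before the request is processed: algorithm, signature, then expiry.
function validateRequest(headers, secret, now = Math.floor(Date.now() / 1000)) {
  const token = findBearerToken(headers);
  if (!token) return { ok: false, reason: 'missing_token' };
  const [header, payload, sig] = token.split('.');
  let alg = null;
  try { alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg; } catch { /* malformed header */ }
  if (alg !== 'HS256') return { ok: false, reason: 'bad_alg' }; // pin the algorithm, never trust the token's choice
  const expected = crypto.createHmac('sha256', secret).update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad_signature' };
  }
  let claims = null;
  try { claims = JSON.parse(Buffer.from(payload, 'base64url').toString()); } catch { /* malformed payload */ }
  if (!claims || typeof claims.exp !== 'number' || now >= claims.exp) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}
```

Because the token travels with every request and is verified from its signature and `exp` claim alone, no database lookup is needed per call.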

Solution

Hi Joseph,

In addition to what Gabriel is saying, you can use local variables in your reactive screen, and assign the corresponding clientVariable value to them in the OnInitialize of the screen.

You can then use these local variables as inputs to data fetch actions or as parameters in aggregates without getting the "The environment you're logged into doesn't support 'Client Variables in Data Sources'." message.

Regards,

Dorine

Thank you, gentlemen. I do believe I understand. I guess I totally overlooked local variables. My apologies, still learning. I appreciate the assistance!