JWT for outsystems mobile app

Is there a JWT component that I can use in an OutSystems mobile app?

Hi Vikas,

All communication with the outside world for Mobile goes via the server, so you should look into any JWT component.

Hi Vikas,

There is one here https://www.outsystems.com/forge/component-overview/1853/jwt

Hope it helps!

Junaid

Junaid Ahmed Syed wrote:

Hi Vikas,

There is one here https://www.outsystems.com/forge/component-overview/1853/jwt

Hope it helps!

Junaid

 Hello Junaid,

I have checked this component but it says that is for the traditional web. So, can I use it with the mobile app that I am designing?

 

In my mobile app, the objective is that I would get a JWT token from API service which I need to decode first. Then use some parameters along with the newly retrieved parameters after decoding the JWT token and encode them to create a new JWT token to send it to the API service. 

I found 1 JWT component on forge but it is for the traditional web. So can I use that component in my mobile app?

If no, than what another way can I achieve my objective?

Hi Vikas,

1) JWTs are immutable. They are signed by the issuer, so you cannot tamper with them. The whole point of JWTs is that you have a token that cannot be altered, but does contain information to identify the bearer, to the server receiving it. Never ever you should need to interpret the content of a JWT at the client. And it's impossible by design to "add some parameters" to it.

2) All API calls made in OutSystems by a Mobile App go through the server. Unless you perform a REST call in JavaScript, there shouldn't be a need for JWT handling in the mobile app itself.

Kilian Hekhuis wrote:

Hi Vikas,

1) JWTs are immutable. They are signed by the issuer, so you cannot tamper with them. The whole point of JWTs is that you have a token that cannot be altered, but does contain information to identify the bearer, to the server receiving it. Never ever you should need to interpret the content of a JWT at the client. And it's impossible by design to "add some parameters" to it.

2) All API calls made in OutSystems by a Mobile App go through the server. Unless you perform a REST call in JavaScript, there shouldn't be a need for JWT handling in the mobile app itself.

 Hi Killian,

I would like to apologize for not framing the objective correctly.

The objective is that I would get a JWT token from API service which I need to decode first. Then use some parameters along with the newly retrieved parameters after decoding the JWT token and encode them to create a new JWT token to send it to the API service.

 

It is, in general, not advisable to use JWTs for information interchange. You have a mobile app, so there's no way for the API service to trust your self-signed JWT. What kind of API needs this?

Solution

Hello All,

Actually with the current components available on Forge I was unable to solve the my issue so I ended up creating a Extension using the Integration Studio which solved the problem.

Thanks All

Solution