From a9a987e5eb1bd5521dcf5e532af4fad975f40d00 Mon Sep 17 00:00:00 2001
From: William Hawkins <William.Hawkins@synergex.com>
Date: Wed, 26 Feb 2025 10:50:21 -0800
Subject: [PATCH] Updated JWT authorization templates to make them work like
 OAUTH templates

---
 Templates/ODataCustomAuthController.tpl |  3 +++
 Templates/ODataCustomAuthTools.tpl      | 22 ++++++++++++----------
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/Templates/ODataCustomAuthController.tpl b/Templates/ODataCustomAuthController.tpl
index e5b777a5..f3e7cb8a 100644
--- a/Templates/ODataCustomAuthController.tpl
+++ b/Templates/ODataCustomAuthController.tpl
@@ -1,4 +1,7 @@
 <CODEGEN_FILENAME>AuthenticationController.dbl</CODEGEN_FILENAME>
+<REQUIRES_USERTOKEN>CUSTOM_AUTH_CONTROLLER_PATH</REQUIRES_USERTOKEN>
+<REQUIRES_USERTOKEN>CUSTOM_AUTH_USERNAME</REQUIRES_USERTOKEN>
+<REQUIRES_USERTOKEN>CUSTOM_AUTH_PASSWORD</REQUIRES_USERTOKEN>
 ;;*****************************************************************************
 ;;
 ;; Title:       AuthenticationController.dbl
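Review bot: The three new required tokens are undocumented, and `CUSTOM_AUTH_PASSWORD` in particular looks like it will be expanded as text into the generated AuthenticationController.dbl, although the template body that uses it is outside this hunk. If that is the case, whatever is placed in the user-token file ends up in generated source and most likely in version control. I would add a header comment next to the declarations, for example `;; CUSTOM_AUTH_USERNAME / CUSTOM_AUTH_PASSWORD: sample credentials for the generated stub only; replace with a real credential check before deployment`.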
diff --git a/Templates/ODataCustomAuthTools.tpl b/Templates/ODataCustomAuthTools.tpl
index 844651f6..baa28bab 100644
--- a/Templates/ODataCustomAuthTools.tpl
+++ b/Templates/ODataCustomAuthTools.tpl
@@ -1,4 +1,7 @@
 <CODEGEN_FILENAME>AuthenticationTools.dbl</CODEGEN_FILENAME>
+<REQUIRES_USERTOKEN>CUSTOM_JWT_ISSUER</REQUIRES_USERTOKEN>
+<REQUIRES_USERTOKEN>CUSTOM_JWT_AUDIENCE</REQUIRES_USERTOKEN>
+<REQUIRES_USERTOKEN>CUSTOM_JWT_GETKEY</REQUIRES_USERTOKEN>
 ;;*****************************************************************************
 ;;
 ;; Title:       AuthenticationTools.dbl
@@ -35,8 +38,9 @@ namespace <NAMESPACE>
 
         public static method GetKey, [#]Byte
         proc
-            ;TODO: Obtain the private encryption key. PLEASE don't do it this way in production environments.
-            mreturn Encoding.UTF8.Getbytes("This is the secret value or password that is used as the encryption key. In production environments you should use something far more complex and random, and should not embed the value in source code like this. We recommend using some secure key storage mechanism such as Azure KeyVault. <GUID_NOBRACE>")
+            ;Obtain the private encryption key.
+            ;TODO: This is the secret value or password that is used as the encryption key. In production environments you should use something far more complex and random, and you SHOULD NOT embed the value in source code. We recommend using some secure key storage mechanism such as Azure KeyVault. 
+            mreturn <CUSTOM_JWT_GETKEY>
         endmethod
 
         private static ourKey, @SymmetricSecurityKey, new SymmetricSecurityKey(GetKey())
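Review bot: `mreturn <CUSTOM_JWT_GETKEY>` pastes the token's expansion straight into the method as code, and the comment above it does not say what the token has to expand to. GetKey returns `[#]Byte` and feeds `SymmetricSecurityKey` on the line below, so the expansion must be an expression of that type. If a generator user supplies a literal string wrapped in a byte conversion, the signing secret lands in both the user-token file and the generated source, and the `<GUID_NOBRACE>` suffix that the removed default key carried is gone. The reworded TODO also still reads "This is the secret value or password", a leftover from the removed string literal. I would replace the two comment lines with `;;CUSTOM_JWT_GETKEY must expand to an expression returning [#]Byte, ideally a call that reads the key from a secret store at runtime` and `;;TODO: never supply a literal key for production; use a long random value held in e.g. Azure KeyVault`.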
@@ -46,11 +50,6 @@ namespace <NAMESPACE>
             aTokenDuration, int
             ;;Cound add other parameters to pass in custom claims to be added to the JWT.
 
-            record
-                logical,    a40
-                loglen,     i4
-                tokdur,     d8
-
         proc
 
             ;;Token duration in hours
@@ -60,16 +59,19 @@ namespace <NAMESPACE>
                 tokenDuration = aTokenDuration
             else
             begin
+                data logical, a40
+                data loglen, i4
+                data tokdur, d8
                 xcall getlog('HARMONY_TOKEN_DURATION',logical,loglen)
-                if (loglen) then
+                if (loglen)
                 begin
                     tokdur = ^d(logical(1:loglen))
                     tokenDuration = tokdur
                     if (tokenDuration > 8767)
                         tokenDuration = 8767 ;max is 1 year
                 end
-                else
-                    tokenDuration = 0
+
+                ;; special cases for overriding default token duration
                 if(tokenDuration < 1)
                 begin
                     using aTokenDuration select
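Review bot: With the `else tokenDuration = 0` branch removed, nothing in this hunk assigns `tokenDuration` when `HARMONY_TOKEN_DURATION` is not set, so the `if(tokenDuration < 1)` fallback depends on whatever value the variable held before; its declaration and any initialisation are outside the hunk. Setting it explicitly keeps the token lifetime deterministic: `tokenDuration = 0` immediately before `xcall getlog(...)`. Separately, `^d(logical(1:loglen))` converts the environment value without checking that it is numeric or that it fits the `d8` field, so a malformed setting probably fails at runtime rather than falling back to the default; that line is unchanged context, but it is worth guarding while this block is being touched. The method begins above the hunk and continues past its last line.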