Updated JWT authorization templates to make them work like OAUTH templates #383

Open
wants to merge 1 commit into
base: master
3 changes: 3 additions & 0 deletions Templates/ODataCustomAuthController.tpl
@@ -1,4 +1,7 @@
<CODEGEN_FILENAME>AuthenticationController.dbl</CODEGEN_FILENAME>
<REQUIRES_USERTOKEN>CUSTOM_AUTH_CONTROLLER_PATH</REQUIRES_USERTOKEN>
<REQUIRES_USERTOKEN>CUSTOM_AUTH_USERNAME</REQUIRES_USERTOKEN>
<REQUIRES_USERTOKEN>CUSTOM_AUTH_PASSWORD</REQUIRES_USERTOKEN>
;;*****************************************************************************
;;
;; Title: AuthenticationController.dbl
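Review bot: The new `<REQUIRES_USERTOKEN>` lines make `CUSTOM_AUTH_USERNAME` and `CUSTOM_AUTH_PASSWORD` mandatory code-generation inputs without saying where the values end up. The template body that consumes them is outside this hunk, so this is inferred, but requiring them suggests the credentials are expanded into the generated AuthenticationController.dbl. If so, whatever is supplied at generation time lands in source control and in the compiled assembly. I would add a header comment beside the requirements, for example `;; CUSTOM_AUTH_USERNAME / CUSTOM_AUTH_PASSWORD are expanded into generated source: sample values only, replace the check with a real credential store before deployment`.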
22 changes: 12 additions & 10 deletions Templates/ODataCustomAuthTools.tpl
@@ -1,4 +1,7 @@
<CODEGEN_FILENAME>AuthenticationTools.dbl</CODEGEN_FILENAME>
<REQUIRES_USERTOKEN>CUSTOM_JWT_ISSUER</REQUIRES_USERTOKEN>
<REQUIRES_USERTOKEN>CUSTOM_JWT_AUDIENCE</REQUIRES_USERTOKEN>
<REQUIRES_USERTOKEN>CUSTOM_JWT_GETKEY</REQUIRES_USERTOKEN>
;;*****************************************************************************
;;
;; Title: AuthenticationTools.dbl
Expand Down Expand Up @@ -35,8 +38,9 @@ namespace <NAMESPACE>

public static method GetKey, [#]Byte
proc
;TODO: Obtain the private encryption key. PLEASE don't do it this way in production environments.
mreturn Encoding.UTF8.Getbytes("This is the secret value or password that is used as the encryption key. In production environments you should use something far more complex and random, and should not embed the value in source code like this. We recommend using some secure key storage mechanism such as Azure KeyVault. <GUID_NOBRACE>")
;Obtain the private encryption key.
;TODO: This is the secret value or password that is used as the encryption key. In production environments you should use something far more complex and random, and you SHOULD NOT embed the value in source code. We recommend using some secure key storage mechanism such as Azure KeyVault.
mreturn <CUSTOM_JWT_GETKEY>
endmethod

private static ourKey, @SymmetricSecurityKey, new SymmetricSecurityKey(GetKey())
Expand All @@ -46,11 +50,6 @@ namespace <NAMESPACE>
aTokenDuration, int
;;Cound add other parameters to pass in custom claims to be added to the JWT.

record
logical, a40
loglen, i4
tokdur, d8

proc

;;Token duration in hours
Expand All @@ -60,16 +59,19 @@ namespace <NAMESPACE>
tokenDuration = aTokenDuration
else
begin
data logical, a40
data loglen, i4
data tokdur, d8
xcall getlog('HARMONY_TOKEN_DURATION',logical,loglen)
if (loglen) then
if (loglen)
begin
tokdur = ^d(logical(1:loglen))
tokenDuration = tokdur
if (tokenDuration > 8767)
tokenDuration = 8767 ;max is 1 year
end
else
tokenDuration = 0

;; special cases for overriding default token duration
if(tokenDuration < 1)
begin
using aTokenDuration select
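Review bot: In GetKey (hunk `@@ -35,8 +38,9 @@`), `mreturn <CUSTOM_JWT_GETKEY>` expands the user token verbatim as the return expression, but nothing tells the user it must be a DBL expression yielding `[#]Byte` rather than the secret itself. The reworded TODO still reads "This is the secret value or password..." although no value sits beside it any more. A user who passes a literal reproduces the hard-coded key that the earlier comment warned against, and the `<GUID_NOBRACE>` suffix on what appears to be the removed line is gone, so projects generated with the same token value would share one signing key. I would replace the TODO with `;;<CUSTOM_JWT_GETKEY> must expand to an expression returning [#]Byte that reads the key at runtime (environment or key vault); never pass a literal secret`, and state a minimum key length there. The method's class and namespace continue outside the hunk.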