JWT JSON Web Tokens and Omnis Studio
m.verhoeven at van-beek.nl
Tue Jun 8 20:17:19 UTC 2021
We also use JWT. For the Hash (HMAC) we created an xcomp, but when Omnis created the crypto and hash wokers we asked for HMAC to be included, which they have. As we haven't switched to 10.2 yet I haven't converted yet, but you probably can now use the built-in functionality.
With kind regards,
Van: omnisdev-en [mailto:omnisdev-en-bounces at lists.omnis-dev.com] Namens Bastiaan Olij
Verzonden: Tuesday, 8 June 2021 00:21
Aan: omnisdev-en at lists.omnis-dev.com
Onderwerp: Re: JWT JSON Web Tokens and Omnis Studio
Been awhile since I did my implementation but it was pretty straight forward.
JSON Web Tokens are basically 2 JSON segments, one identifying the hash algorithm and one with your actual data (and a few mandatory fields).
You base64 both documents and concatenate them. Then create a hash and
base64 the outcome.
Concatenate all 3 base64 strings and you have your token.
The encryption information and your data aren't actually encrypted and anyone who has the token can just decode them using base64 so don't put anything secret in there. It's the 3rd part which encodes the hash which allows you to verify the data came from a known source as only the source and destination have the secret key.
Now I did the hashing in PostgreSQL with its crypto library, not in Omnis, I'm not 100% sure if Omnis can do the required hash.
See more: https://jwt.io/
On 6/7/2021 11:01 PM, Reg Paling wrote:
> Hi all,
> I need to work with JSON Web Tokens, specifically to generate them and
> sign them.
> Any recommendations for the sweetest approach in Studio 10.2?
> Manage your list subscriptions at http://lists.omnis-dev.com Start a
> new message -> mailto:omnisdev-en at lists.omnis-dev.com
bastiaan at muxworks.com.au
Manage your list subscriptions at http://lists.omnis-dev.com Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com
More information about the omnisdev-en