JWT JSON Web Tokens and Omnis Studio
reg.paling at lokanet.com
Fri Jun 11 00:41:41 UTC 2021
Hi Marten and Bas,
Thanks for these replies, and good to know I can expect it to be fairly
I think I might try using the jsonwebtoken npm library -
https://www.npmjs.com/package/jsonwebtoken. I know I could put it
together with the lower-level Omnis workers, but this seems like the
ideal time to bite the bullet and get into node.js with Omnis.
On 9/6/21 6:17 am, Marten Verhoeven wrote:
> We also use JWT. For the Hash (HMAC) we created an xcomp, but when Omnis created the crypto and hash wokers we asked for HMAC to be included, which they have. As we haven't switched to 10.2 yet I haven't converted yet, but you probably can now use the built-in functionality.
> With kind regards,
> -----Oorspronkelijk bericht-----
> Van: omnisdev-en [mailto:omnisdev-en-bounces at lists.omnis-dev.com] Namens Bastiaan Olij
> Verzonden: Tuesday, 8 June 2021 00:21
> Aan: omnisdev-en at lists.omnis-dev.com
> Onderwerp: Re: JWT JSON Web Tokens and Omnis Studio
> Hey Reg,
> Been awhile since I did my implementation but it was pretty straight forward.
> JSON Web Tokens are basically 2 JSON segments, one identifying the hash algorithm and one with your actual data (and a few mandatory fields).
> You base64 both documents and concatenate them. Then create a hash and
> base64 the outcome.
> Concatenate all 3 base64 strings and you have your token.
> The encryption information and your data aren't actually encrypted and anyone who has the token can just decode them using base64 so don't put anything secret in there. It's the 3rd part which encodes the hash which allows you to verify the data came from a known source as only the source and destination have the secret key.
> Now I did the hashing in PostgreSQL with its crypto library, not in Omnis, I'm not 100% sure if Omnis can do the required hash.
> See more: https://jwt.io/
> On 6/7/2021 11:01 PM, Reg Paling wrote:
>> Hi all,
>> I need to work with JSON Web Tokens, specifically to generate them and
>> sign them.
>> Any recommendations for the sweetest approach in Studio 10.2?
More information about the omnisdev-en