Custom Authentication Methods - REST API - Security

Hello,

I am trying to secure my REST API using token-based authentication. My issue is that I don't exactly understand the steps I have to follow in order to make this work. I am not exactly sure what to place in the Auth_Microflow. I imagined there should be a token parameter in the header. But how is this token generated? Where does it come from? How can I validate it even if I were to receive it in the request? I've been told to look at the JWT Mendix module in the Marketplace, but it's been a struggle to understand how this works.

Thank you, Marcian.

1 answer

Hi Marcian, 


When you set a Published REST service to use custom authentication, you have to validate the data all by yourself in your microflow.

Let's say you have an entity with "Allowed" consumers.

The consumers will pass a header with user and password Base64-encoded, like:

Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

Within your microflow you can analyze this data.

Then you can retrieve and compare the data passed in the header or parameters, and decide whether the request is valid or not.


WS Security

Pseudo Microflow
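The check described in the answer above, written out as an added Python sketch (not part of the original answer and not Mendix code): parse the `Authorization: Basic` header, look the consumer up, and compare against a stored salted hash in constant time. The names `ALLOWED_CONSUMERS`, `parse_basic_header` and `authenticate` and the PBKDF2 parameters are assumptions made for the illustration; Basic credentials are only Base64-encoded, so the endpoint is assumed to be served over HTTPS.

```python
import base64
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # constructed value for this example


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_consumer(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed stand-in for the "Allowed" consumers entity: store hashes, not passwords.
ALLOWED_CONSUMERS = {"aladdin": make_consumer("opensesame")}
# Dummy record so an unknown user costs the same hashing work as a known one.
_DUMMY = make_consumer("not-a-real-password")


def parse_basic_header(header_value):
    """Return (user, password), or None when the header is missing or malformed."""
    if not header_value:
        return None
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # validate=True rejects characters outside the Base64 alphabet;
        # ValueError covers binascii.Error and UnicodeDecodeError.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:
        return None
    # Split on the first colon only: the password itself may contain colons.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep and user else None


def authenticate(header_value):
    """Return the consumer name for a valid request, else None (caller answers 401)."""
    creds = parse_basic_header(header_value)
    if creds is None:
        return None
    user, password = creds
    record = ALLOWED_CONSUMERS.get(user, _DUMMY)
    candidate = hash_password(password, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"])
    return user if ok and user in ALLOWED_CONSUMERS else None
```
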