Custom Authentication Methods - REST API - Security
1
Hello, I am trying to secure my rest API using token based authentication. My issue is that I don't exactly understand the steps I have to follow in order for this to make it work. I am not exactly sure what to place in the Auth_Microflow. I imagined there should be a token parameter in the header. But how is this token generated? Where does it come from? How can I validate it even if I were to receive it in the request. I've been told to look at JWT mendix module in the marketplace but it's been a struggle to understand how this works. Thank you, Marcian.
asked
Marcian Bondoc
1 answers
3
Hi Marcian,
When you set Published Rest to use a Custom autentication, you have to Validate the Data all by yourself in your MicroFlow;
Lets say you have a Entity with “Allowed” Consumers,
The consumers will pass a header with user and password base64Encoded like
Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
Within you Microflow you can analise this datas
Than you can Retrieve and compare the data passed by in Header ou Parameters, and decide if the request is valid or Not;
WS Security
Pseudo Microflow
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization
Regarts
answered
Alexandre Sepe