Publishing REST service with OAuth2

How can we publish a REST service using tokens with OAuth2? How can we generate and provide the tokens and how can we check if a token is valid?
1 answer

Hi Carlo,

How I developed this is:

- Create functionality to create ClientId and ClientSecret, for instance with a java library like SecureRandom;

- Connect the id & secret to a user.

- Let the client base64 encode the ‘id:secret’ and use it with Authorization basic header to call your token endpoint to generate a JWT token

- Set authentication to none on this endpoint, but check in the microflow if the credentials match by base64decoding the authorization basic header

- If the authorization is successful use the JWT module by Webflight to generate your tokenstring and return the token. Save the token to the database for authentication of other requests.

- Publish a REST service with authentication set to custom, use Authorization bearer header to get your JWT token string, and decode it with the JWT module.

- Use your JWT token to check if it's valid and then get the right user for the request.

- Continue with the request in your endpoint microflow like you normally would.


My module for generating clientid/secret, creating tokens and authenticating is for sale and available in Mendix 7, 8 or 9.
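
The flow in the answer above, as an added example using only JDK classes (it is not the poster's module and not the Webflight JWT module): credential generation, the Basic-header check at the token endpoint, HS256 token issue, and the Bearer-token check. The class and method names are hypothetical, and the database storage of tokens and the user lookup are left out.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class ClientCredentialsDemo {
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }
    // Random 256-bit value for client id, client secret and signing key (URL-safe, no quotes).
    static String random() {
        byte[] b = new byte[32];
        new SecureRandom().nextBytes(b);
        return B64.encodeToString(b);
    }
    // Token endpoint: decode "Basic base64(id:secret)" and compare in constant time.
    static boolean basicOk(String header, String id, String secret) {
        if (header == null || !header.startsWith("Basic ")) return false;
        try {
            return MessageDigest.isEqual(Base64.getDecoder().decode(header.substring(6).trim()), utf8(id + ":" + secret));
        } catch (IllegalArgumentException e) { return false; } // header was not valid base64
    }
    static String sign(String data, String key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(utf8(key), "HmacSHA256"));
        return B64.encodeToString(mac.doFinal(utf8(data)));
    }
    // Issue an HS256 JWT carrying the client id ("sub") and an expiry time ("exp").
    static String issue(String id, long ttlSeconds, String key) throws Exception {
        String claims = "{\"sub\":\"" + id + "\",\"exp\":" + (Instant.now().getEpochSecond() + ttlSeconds) + "}";
        String body = B64.encodeToString(utf8("{\"alg\":\"HS256\",\"typ\":\"JWT\"}")) + "." + B64.encodeToString(utf8(claims));
        return body + "." + sign(body, key);
    }
    // Custom authentication: signature first (always HS256, the token's "alg" is never trusted),
    // then expiry. Returns the client id, or null when the token is rejected.
    static String verify(String header, String key) throws Exception {
        if (header == null || !header.startsWith("Bearer ")) return null;
        String[] p = header.substring(7).trim().split("\\.");
        if (p.length != 3 || !MessageDigest.isEqual(utf8(sign(p[0] + "." + p[1], key)), utf8(p[2]))) return null;
        Matcher m = Pattern.compile("\"sub\":\"([^\"]+)\",\"exp\":(\\d+)").matcher(new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8));
        return m.find() && Long.parseLong(m.group(2)) > Instant.now().getEpochSecond() ? m.group(1) : null;
    }
    public static void main(String[] args) throws Exception {
        String id = random(), secret = random(), key = random(); // constructed sample values
        System.out.println("credentials accepted: " + basicOk("Basic " + Base64.getEncoder().encodeToString(utf8(id + ":" + secret)), id, secret));
        System.out.println("valid token maps to client: " + id.equals(verify("Bearer " + issue(id, 300, key), key)));
        System.out.println("tampered token -> " + verify("Bearer " + issue(id, 300, key) + "x", key));
        System.out.println("expired token -> " + verify("Bearer " + issue(id, -1, key), key));
    }
}
```

The tampered and expired tokens both come back as `null`, which is the case the custom-authentication microflow has to turn into a 401 before any user is resolved.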