1. Home
  2. Using Warewolf
  3. Security – Token-Based Authentication

Security – Token-Based Authentication

Token-based authentication works by ensuring that each request sent to the server is accompanied by a signed token which the server verifies for authenticity and only then responds to the request.

Adding Token-Based Authentication to a resource in Warewolf adds a layer of integrity and authentication before allowing a resource to be executed.

How it works

token-based-auth-diagram

  1. A user will be required to request an Authentication Token from the server using:
https://myserver:3142/login?authenticationKey=XR5L2NsYWltcy9hdXRoZW50aWNhdGlvbiI6

The workflow /login is an Authentication Workflow created by you. Regardless of what it is called, the URL will be /login. For the purpose of this example, this Authentication Workflow expects an authenticationKey for the authentication.
Check out Creating an Authentication Workflow for the example.

2. A JWT(JSON Web Token) will be returned as follows:

{
 "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54b
Wxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9hdXRoZW50aWNhdGlvbiI6
IntcclxuICBcIlVzZXJHcm91cHNcIjogW1xyXG4gICAge1xyXG4gICAgICBcIk5hbWVcIjog
XCJHdWVzdFwiXHJcbiAgICB9XHJcbiAgXVxyXG59IiwibmJmIjoxNTkxMTg2MTU4LCJleHAi
OjE1OTExODczNTgsImlhdCI6MTU5MTE4NjE1OH0.LrEtwU5-y2AmGvmWUdDMP59u8RyeHMft0
34B8H4vOxg"
}

3. This token will be added to the Authorisation header as a Bearer Token for any subsequent requests. It will be valid for reuse for 20 minutes.
Instead of using /secure/ or /public/ in the workflow url, /token/ is now used.

An example of a NodeJs request using an Authentication Token.

var request = require('request');
var options = {
'method': 'POST',
'url': 'http://myserver:3142/token/GetMonthlySalesDataCC1?month=06&year=2020',
'headers': {
'Authorization': 'Bearer  eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9hdXRoZW50aWNhdGlvbiI6IntcclxuICBcIlVzZXJHcm91cHNcIjogW1xyXG4gICAge1xyXG4gICAgICBcIk5hbWVcIjogXCJHdWVzdFwiXHJcbiAgICB9XHJcbiAgXVxyXG59IiwibmJmIjoxNTkxMTg2MTU4LCJleHAiOjE1OTExODczNTgsImlhdCI6MTU5MTE4NjE1OH0.LrEtwU5-y2AmGvmWUdDMP59u8RyeHMft034B8H4vOxg'
}
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});

For help setting up Token-Based Authentication check out Configuring Token-Based Authentication.

FacebookTwitterLinkedInGoogle+Email
Updated on July 17, 2020

Was this article helpful?

Related Articles

Enjoying Warewolf?

Write a review on G2 Crowd
Stars