Token-based authentication requires each request sent to the server to carry a signed token. The server verifies the token's authenticity and only then responds to the request.
Adding Token-Based Authentication to a resource in Warewolf adds a layer of integrity and authentication before allowing a resource to be executed.
How it works
1. A user will be required to request an Authentication Token from the server using:
https://myserver:3142/login?authenticationKey=XR5L2NsYWltcy9hdXRoZW50aWNhdGlvbiI6
The workflow /login is an Authentication Workflow created by you. Regardless of what it is called, the URL will be /login. For the purpose of this example, this Authentication Workflow expects an authenticationKey for the authentication.
Check out Creating an Authentication Workflow for the example.
2. A JWT (JSON Web Token) will be returned as follows:
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9hdXRoZW50aWNhdGlvbiI6IntcclxuICBcIlVzZXJHcm91cHNcIjogW1xyXG4gICAge1xyXG4gICAgICBcIk5hbWVcIjogXCJHdWVzdFwiXHJcbiAgICB9XHJcbiAgXVxyXG59IiwibmJmIjoxNTkxMTg2MTU4LCJleHAiOjE1OTExODczNTgsImlhdCI6MTU5MTE4NjE1OH0.LrEtwU5-y2AmGvmWUdDMP59u8RyeHMft034B8H4vOxg"
}
3. This token will be added to the Authorization header as a Bearer token for any subsequent requests. It will be valid for reuse for 20 minutes.
Instead of using /secure/ or /public/ in the workflow URL, /token/ is now used.
An example of a Node.js request using an Authentication Token:
var request = require('request');

// Call the workflow through the /token/ route, presenting the JWT
// returned by /login as a Bearer token in the Authorization header.
var options = {
  'method': 'POST',
  'url': 'http://myserver:3142/token/GetMonthlySalesDataCC1?month=06&year=2020',
  'headers': {
    'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9hdXRoZW50aWNhdGlvbiI6IntcclxuICBcIlVzZXJHcm91cHNcIjogW1xyXG4gICAge1xyXG4gICAgICBcIk5hbWVcIjogXCJHdWVzdFwiXHJcbiAgICB9XHJcbiAgXVxyXG59IiwibmJmIjoxNTkxMTg2MTU4LCJleHAiOjE1OTExODczNTgsImlhdCI6MTU5MTE4NjE1OH0.LrEtwU5-y2AmGvmWUdDMP59u8RyeHMft034B8H4vOxg'
  }
};

request(options, function (error, response) {
  // Surface transport errors; otherwise print the workflow's response body.
  if (error) throw new Error(error);
  console.log(response.body);
});
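The token from step 2 and the 20-minute validity from step 3, as an added example that is not Warewolf's own code: it decodes the sample token shown on this page to show that the claims are signed but readable by anyone who holds the token, and that `exp` minus `nbf` is 1200 seconds. The function names and the 30-second `skewSeconds` margin are assumptions made for illustration.

```javascript
// Added example, not Warewolf code. SAMPLE_TOKEN is the token shown on this page.
const SAMPLE_TOKEN = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9hdXRoZW50aWNhdGlvbiI6IntcclxuICBcIlVzZXJHcm91cHNcIjogW1xyXG4gICAge1xyXG4gICAgICBcIk5hbWVcIjogXCJHdWVzdFwiXHJcbiAgICB9XHJcbiAgXVxyXG59IiwibmJmIjoxNTkxMTg2MTU4LCJleHAiOjE1OTExODczNTgsImlhdCI6MTU5MTE4NjE1OH0.LrEtwU5-y2AmGvmWUdDMP59u8RyeHMft034B8H4vOxg';

// Claim name observed in the sample token's payload.
const AUTH_CLAIM = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication';

// Decode one JWT segment into an object. Node's 'base64' decoder also accepts
// the URL-safe alphabet used by JWTs. No signature check happens here: only the
// server holds the signing key, so this is for inspection, not for trust.
function decodeSegment(segment) {
  return JSON.parse(Buffer.from(segment, 'base64').toString('utf8'));
}

// Summarise the header and claims of a token in header.payload.signature form.
function inspectToken(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  for (const claim of ['nbf', 'exp']) {
    if (!Number.isInteger(payload[claim])) throw new Error('missing numeric ' + claim);
  }
  // In the sample token the authentication claim is itself a JSON string
  // that lists the user's groups.
  const auth = JSON.parse(payload[AUTH_CLAIM] || '{}');
  return {
    alg: header.alg,
    groups: (auth.UserGroups || []).map((g) => g.Name),
    notBefore: payload.nbf,
    expires: payload.exp,
    lifetimeSeconds: payload.exp - payload.nbf,
  };
}

// True when the client should call /login again: the token is not yet valid,
// has expired, or expires within skewSeconds (an assumed safety margin).
function needsNewToken(token, nowSeconds, skewSeconds = 30) {
  const { notBefore, expires } = inspectToken(token);
  return nowSeconds < notBefore || nowSeconds >= expires - skewSeconds;
}

console.log(inspectToken(SAMPLE_TOKEN));
```

Because the payload is only base64url-encoded, the user groups are visible to anyone who captures the token, so it should be handled like a password for its 20-minute lifetime.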
For help setting up Token-Based Authentication check out Configuring Token-Based Authentication.