JWT in Elm

Adam Kučera

Prague Elm Meetup 30/08/2017

About me

  • Adam Kučera
  • Developer at CN Group
  • Mostly Java, but I've fallen for Elm because of an internal project

@Wrent
Code on Github

What is JSON Web Token?

  • Standardized in RFC 7519
  • Compact and self-contained way of securely transmitting information between parties as a JSON object
  • Used for authentication, e.g. between microservices
  • Secured by a secret key, but readable by everyone!
  • The secret key is there to check the token's integrity
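Added example (not part of the original slides): a minimal HS256 token in Node.js showing both points above. The claims can be read without any key, while a changed payload fails the integrity check. The secret, claims and helper names are constructed for the illustration.

```javascript
// Added example: constructed secret and claims; Node.js built-ins only.
const crypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (secret, data) =>
  crypto.createHmac("sha256", secret).update(data).digest();

// Issue an HS256 token (the auth server's job).
function sign(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(secret, `${head}.${body}`))}`;
}

// Anyone holding the token can do this: no key is involved.
function readClaims(token) {
  return JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString("utf8"));
}

// Only a holder of the secret can do this: recompute the MAC and compare.
function verify(token, secret) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    const header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
    // Pin the expected algorithm instead of trusting the token's header.
    if (header.alg !== "HS256") return null;
    const expected = hmac(secret, `${head}.${body}`);
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    return JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return null; // malformed header or payload
  }
}

// Replace the payload but keep the original signature.
function tamper(token, claims) {
  const [head, , sig] = token.split(".");
  return `${head}.${b64url(JSON.stringify(claims))}.${sig}`;
}

const SECRET = "constructed-demo-secret";
const token = sign({ sub: "adam", role: "user" }, SECRET);
const forged = tamper(token, { sub: "adam", role: "admin" });

console.log(readClaims(forged).role); // "admin": readable without the key
console.log(verify(forged, SECRET));  // null: integrity check fails
```

The client can display what `readClaims` returns, but access decisions belong on the server after `verify` succeeds.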

What does it look like?

Source: JWT.io

How can you use it?

  • HTTP Header: Authorization: Bearer <token>
  • There may be two different servers

Our flow

  • SSO Auth server
  • Load SSO with ?backUrl parameter
  • Log in using your credentials
  • On success, redirect to backUrl with a reservationId
  • Use reservationId to obtain the JWT token via POST request
  • Use JWT to access any resources
  • Refresh tokens... (not digging into that)

What will be used?

How it works for us

  1. Initialize the app from JavaScript flags (on app load)
  2. Try to read the reservationId from URL
  3. Remove reservationId
  4. Try to read token from Storage
  5. OR use reservationId to query for token

4. creates a new Task, which needs to be handled

5. creates a Request, which needs to be handled

6. we also implement events for Login (when there was nothing in storage and no reservationId) and Logout

Let's do it

(the update method at least)

If you have questions about any part specifically, just ask and we can go deeper.

ElmJWT

By Adam Kučera

JWT token authentication in Elm.