the
connected
app
Paul Bakker - The Orange Dots - ServoyWorld '17
(OPTIONS): get available operations on the resource?
Example: Content-Type: application/vnd.myname.v1+json
{
"links": {
"self": "http://example.com/articles",
"next": "http://example.com/articles?page[offset]=2",
"last": "http://example.com/articles?page[offset]=10"
},
"data": [{
"type": "articles",
"id": "1",
"attributes": {
"title": "JSON API paints my bikeshed!"
},
"relationships": {
"author": {
"links": {
"self": "http://example.com/articles/1/relationships/author",
"related": "http://example.com/articles/1/author"
},
"data": { "type": "people", "id": "9" }
},
"comments": {
"links": {
"self": "http://example.com/articles/1/relationships/comments",
"related": "http://example.com/articles/1/comments"
},
"data": [
{ "type": "comments", "id": "5" },
{ "type": "comments", "id": "12" }
]
}
},
"links": {
"self": "http://example.com/articles/1"
}
}]
}
JSON Web Tokens (JWT)
Text
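/*--------------- authentication Server: Token Generation ---------------*/
// The signing key stays on the authentication server; only the public key is
// handed to resource servers for verification.
const header = base64UrlEncode({
  typ: 'JWT',
  alg: 'RS256' // registered JWA name for RSASSA-PKCS1-v1_5 with SHA-256
});
const payload = base64UrlEncode({
  userId: 'b08f86af-35da-48f2-8fab-cef3904660bd',
  // 'exp' bounds the token lifetime; without it a leaked token stays valid
  // indefinitely. One hour is a constructed example value.
  exp: Math.floor(Date.now() / 1000) + 60 * 60,
  scopes: {
    messages: { actions: ['send'] },
    storage: { actions: ['modify', 'delete'] },
    location: { actions: ['read'] }
  }
});
const data = header + '.' + payload;
// Sign with the PRIVATE key only; the public key plays no part in signing.
const signature = RSASHA256(data, privateKey);
const jwtToken = data + '.' + signature;

/*--------------- Client: HTTP Request ---------------*/
req.setRequestHeader('Authorization', 'Bearer ' + jwtToken);

/*--------------- Resource Server: handle request ---------------*/
const publicKey = getPublicKey();
const authHeader = getHeader('Authorization') || '';
// The token is what follows the "Bearer " scheme; anything else is not a token.
const token = authHeader.startsWith('Bearer ') ? authHeader.slice('Bearer '.length) : '';
// verify() must check the signature against the algorithm the server expects
// (RS256) and reject expired tokens; a verifier that trusts the token's own
// 'alg' field can be made to accept unsigned or differently-signed tokens.
const valid = token !== '' && verify(token, publicKey);
if (valid) {
  const content = getTokenContent(token);
  // Guard each level: a token without a 'scopes' claim must not throw here.
  const messages = content.scopes && content.scopes.messages;
  if (messages && Array.isArray(messages.actions) && messages.actions.includes('send')) {
    // Authorized to send messages
    // Your messages send logic here
  } else {
    // Handle not authorized (valid token, insufficient scope)
  }
} else {
  // Handle invalid token (missing, malformed, bad signature or expired)
}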
Additional: JSON Web Signature (JWS), JSON Web Encryption (JWE)
{
...
scopes: {
messages: {
actions: ['send']
},
storage: {
actions: ['modify', 'delete']
},
location: {
actions: ['read']
},
...
}
}
Pros
Cons
Pros
Cons