locked
Using JWT and connecting to server

  • Question

  • User-1458727574 posted

    I posted a question here: https://social.msdn.microsoft.com/Forums/en-US/cbc8785a-0c51-47ef-b228-f5e829e358f1/using-jwt-and-connecting-to-server?forum=csharpgeneral

    I knew it would be in the wrong place because no matter where I think it should go, someone else has a different opinion, so I am posting it here in its entirety.

    I've read up on JWT and in principle it seems reasonably straightforward. The problem I have is that I cannot find decent examples of what I am trying to do. First of all, I am writing a C# application. It is the client. My customer has a web API where I used to send data to it, and they have now asked that I modify the code in my client to connect to their server using JWT. They have given me a URL and if I use Postman and hit that URL, add in the supplied user name and password, I get back this:

    {
        "AuthToken": "Bearer eyJhbGciOiJSUzI1NiJ9.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.Bna0lv_6wjscunGUHFeW4JW-aY-iE1bliA1tmJwoWvRvzyOVvGb9n9U2r4IomoXOAJmOk9YX41j5eBlypOYYPo4d5xKBII0S2rPmGsPAW2fltMCbiRVJjZNNboT0b4vs8qKpYqOwPOpuvehiB54WZ5BlkmYfRbg0quw9oftExNxVYROUV2fHWpawW3-CjREcHEmukqwDO5KXwY4GGH8KNwjAkg2f1SyUwkawUxS85bUNV_4_4kJmq8Aj0_eB-uF3eJ82Ng12eK3PdHuXzkVWY_wE1F9thEdQk0aPWeulpSlPx5ITAQ20cc1CNzqZGdFib82gm-0UHE5IWwcFJbJscA",
        "Expires": "2019-09-24T14:16:33.178Z"
    }

    So, I know the supplied details work. What I am trying to do now is work out how I am supposed to use that within my client application. If there is an error (let's say the supplied details aren't right), then I get this response:

    {
        "Message": [
            {
                "Type": "ERROR",
                "ErrorCode": "1005",
                "Text": "Unauthorized Access : Please check token/user credentials"
            }
        ]
    }

    So, at the moment, I have not installed any JWT NuGet packages as there are loads and I cannot find any reason to choose one over the other. All examples I read on the net are about how to write the server side bit and nothing that I can find shows how to be the consumer.

    My client application is run via a Windows scheduled task. It runs twice a day. All it does is pull data from a Sage accounts system and constructs a bunch of objects which are then serialised into XML and sent to the customer. All that bit works and I can still get the serialised XML string, but I just don't know how to connect to the server using JWT and send it and manage the responses whether it is an error or success. Any pointers from anyone about how to post to a web service that uses JWT?

    Thanks

    Wednesday, September 25, 2019 10:35 AM

Answers

  • User475983607 posted

    Pretty simple really. First get a token from the token endpoint. Seems that you can do that already? Then add the token to the HTTP Authorization header when requesting secured resources. It's not real clear what HTTP client you are using, but adding a header is pretty simple; just read the docs.

    Authorization: Bearer eyJhbGciOiJSUzI1NiJ9....

    The token response also contains the expiration.  You need expiration so you know when to request a new token.  BTW, persisting the token is up to you.

    JWTs are very common and the Internet is full of information.

    https://jwt.io/introduction/

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, September 25, 2019 12:02 PM
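
The flow this answer describes, as an added C# example (not code from the thread or from the customer's API): fetch the token, cache it until shortly before `Expires`, and send it once in the `Authorization` header. The URLs, the JSON credential body with `UserName`/`Password`, the `FEED_USER`/`FEED_PASSWORD` environment variables and the `FeedClient` class name are assumptions; `AuthToken`, `Expires` and the `Message` error shape come from the responses shown in the question.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
public sealed class FeedClient
{
    private static readonly HttpClient Http = new HttpClient();
    // Placeholder URLs (assumptions); use the HTTPS endpoints the customer supplied.
    private readonly Uri _tokenUrl = new Uri("https://api.example.invalid/token");
    private readonly Uri _dataUrl = new Uri("https://api.example.invalid/data");
    private string _jwt;   // token without the "Bearer " prefix; never log it
    private DateTimeOffset _expires = DateTimeOffset.MinValue;
    private async Task EnsureTokenAsync()
    {
        // Reuse the token until 60 s before "Expires" to allow for clock skew.
        if (_jwt != null && DateTimeOffset.UtcNow < _expires.AddSeconds(-60)) return;
        // Assumption: credentials are posted as JSON; read them from the environment.
        var body = JsonSerializer.Serialize(new {
            UserName = Environment.GetEnvironmentVariable("FEED_USER"),
            Password = Environment.GetEnvironmentVariable("FEED_PASSWORD") });
        using var resp = await Http.PostAsync(_tokenUrl,
            new StringContent(body, Encoding.UTF8, "application/json"));
        using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        if (!doc.RootElement.TryGetProperty("AuthToken", out var tok))
            throw new InvalidOperationException(DescribeError(doc.RootElement));
        // AuthToken already begins with "Bearer "; strip it so the scheme is sent once.
        var raw = tok.GetString();
        _jwt = raw.StartsWith("Bearer ", StringComparison.Ordinal) ? raw.Substring(7) : raw;
        _expires = doc.RootElement.GetProperty("Expires").GetDateTimeOffset();
    }

    public async Task SendXmlAsync(string xml)
    {
        await EnsureTokenAsync();
        using var req = new HttpRequestMessage(HttpMethod.Post, _dataUrl);
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _jwt);
        req.Content = new StringContent(xml, Encoding.UTF8, "application/xml");
        using var resp = await Http.SendAsync(req);
        if (!resp.IsSuccessStatusCode)   // assumption: failures use a non-2xx status
            throw new InvalidOperationException($"Send failed: HTTP {(int)resp.StatusCode}");
    }

    // Formats the {"Message":[{"ErrorCode":..,"Text":..}]} error body shown in the question.
    private static string DescribeError(JsonElement root) =>
        root.TryGetProperty("Message", out var m) && m.ValueKind == JsonValueKind.Array && m.GetArrayLength() > 0
            ? $"{m[0].GetProperty("ErrorCode")}: {m[0].GetProperty("Text")}" : "Unrecognised response";
}
```

The client treats the token as an opaque string, so no JWT package is involved; `System.Text.Json` ships with .NET Core 3.0 and later and is available as a NuGet package for .NET Framework.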

All replies

  • User-1458727574 posted

    Cheers. I wasn't sure if I needed a NuGet package or whether I just deal with it directly myself. I know the web is full of info, but most of what I've found shows how you deal with the server side of the coding and not the client side. Obviously not using the correct search terms or something.

    Wednesday, September 25, 2019 1:26 PM
  • User-1458727574 posted

    Picking the token up now. Just testing the different responses. I will test the sending using the token later. Thanks for your help.

    Wednesday, September 25, 2019 2:23 PM
  • User-1458727574 posted

    All good now. Picking the token up and I can now send the XML data with the token in the header.

    Thursday, September 26, 2019 11:24 AM