Getting authorization token
Introduction
A common problem when dealing with network requests is verifying that the request may be made by the person or application making it. To solve this, the JSON Web Token (JWT) standard was introduced: it allows verifying, via a token attached to the request, that the request was made by someone who is authorized to make it.
The common pattern is to include this token in the request headers that are passed along with the request. This tutorial describes in detail how to access the request headers to extract the authorization token so that it can be verified by ACE or passed via a REST or SOAP request to the backend that ACE is trying to access.
The methods applied in this tutorial can, with slight modifications, be used for other methods of authentication as well (e.g. Basic Auth), or for any other information that is passed along with the request headers.
Step by Step instructions
To be able to test how the flow in this tutorial works, you must use an application that can make network requests to the Dynamic API that is attached to this flow (e.g. Postman).
Extracting request headers
The first step is to get the HTTP headers from the request. Since the HTTP headers are stored in the $headers variable, which is not accessible in flow configurations, we need to use the JSON Map step to attach the headers to a doc node. For consistency, let's name the doc node headers and attach the headers to it.
- stepType: map
  config:
    maps:
      - regex: null
        targetPath: headers
        value: "{{$headers}}"
  name: JSON Map
  description: ""
  condition: ""
Extracting JWT from authorization token
To extract the token from the headers property we will use the simple JSONata string function $substringAfter(headers.authorization, ' '), which returns the part of the string after the first occurrence of the given separator. Since the authorization header comes as "Bearer token-value", this expression grabs the token from the authorization header. Now that we have the token, we attach it to the token node.
- stepType: jsonata
  config:
    maps:
      - mergeArrayItems: {}
        jsonata: $substringAfter(headers.authorization, ' ')
        targetPath: token
  name: JSONATA Map
  description: ""
  condition: ""
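The following JavaScript is an added example, not code from the tutorial or the ACE platform: it mirrors $substringAfter(headers.authorization, ' ') but also looks the header up case-insensitively, rejects anything that is not a Bearer scheme (the JSONata expression would just as happily return the credentials of a Basic header, or the whole value if it contains no space), and base64url-decodes the JWT segments for inspection. The request headers and helper names are constructed; decoding is not verification, which remains the JWT step's job.

```javascript
// Added example: a defensive equivalent of the flow's JSONata expression
// $substringAfter(headers.authorization, ' '). Helper names are made up.

// HTTP header names are case-insensitive, so a client may send
// "Authorization" while the flow reads "authorization".
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const key of Object.keys(headers || {})) {
    if (key.toLowerCase() === wanted) return headers[key];
  }
  return undefined;
}

// Returns the bearer token, or null when the header is missing, uses a
// different scheme (e.g. Basic), or carries nothing after "Bearer".
function extractBearerToken(headers) {
  const value = getHeader(headers, "authorization");
  if (typeof value !== "string") return null;
  const match = /^Bearer\s+(\S+)\s*$/i.exec(value);
  return match ? match[1] : null;
}

// Decodes the header and payload segments of a compact JWT so they can be
// inspected. This is base64url decoding only: it proves nothing about who
// issued the token. Signature validation is done by the JWT step.
function decodeJwt(token) {
  const parts = token.split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWT (expected 3 dot-separated segments)");
  }
  const decode = (seg) =>
    JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));
  return { header: decode(parts[0]), payload: decode(parts[1]), signature: parts[2] };
}

// Constructed sample request, reusing the demo token from the flow's sampleData.
const SAMPLE_HEADERS = {
  Authorization:
    "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
};

const sampleToken = extractBearerToken(SAMPLE_HEADERS);
console.log("token:", sampleToken);
console.log("decoded:", decodeJwt(sampleToken));
```

With the sample headers the payload decodes to sub 1234567890, name John Doe, iat 1516239022; a Basic header or a bare "Bearer" returns null instead of a bogus token.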
Using the token
Now that we have extracted the token to a doc node, we can use it either in the JWT step to verify the validity of the token or in a REST/SOAP request to pass it on to another application. If we would like to make the flow reusable, we most likely want to return the token in the result node.
Cleanup
To do that, we first need to clean up the properties that we don't want to keep. For that we can use the JSON Clean step.
- stepType: clean-object
  config:
    paths:
      - removePath: headers
  name: JSON Clean
  description: ""
  condition: ""
Returning the token
Now that the unneeded properties have been removed from the flow, we can return the token using the Input Transform step by mapping everything we have in the doc context to the result node.
- stepType: input-transform
  config:
    key: result
  name: Input Transform
  description: ""
  condition: ""
Making it work
To work with this flow, you can make it reusable and use it within a mixed flow (so that the logic built here can be used in all flows that require JWT extraction), or, if you wish to experiment with it, you can create a Dynamic API endpoint that executes the logic within this flow so that you can test it via Postman or some other tool.
Finished flow
tags:
  - general
steps:
  - stepType: map
    config:
      maps:
        - regex: null
          targetPath: headers
          value: "{{$headers}}"
    name: JSON Map
    description: ""
    condition: ""
  - stepType: jsonata
    config:
      maps:
        - mergeArrayItems: {}
          jsonata: $substringAfter(headers.authorization, ' ')
          targetPath: token
    name: JSONATA Map
    description: ""
    condition: ""
  - stepType: clean-object
    config:
      paths:
        - removePath: headers
    name: JSON Clean
    description: ""
    condition: ""
  - stepType: input-transform
    config:
      key: result
    name: Input Transform
    description: ""
    condition: ""
sampleData:
  headers:
    authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c