Ask Question
« General Questions on Nuxeo

nuxeo-js-client - OAuth 2 JWT Flow authentification - SOLVED

Hi people,

I want to use a JWT token witch come from a specific API REST server in my angular 7 app to connect to nuxeo server through nuxeo-js-client and OAuth 2 JWT Flow** but I don't have an example. There are not a real example on how to implement OAuth 2 JWT Flow.

Nuxeo server side I use nuxeo.jwt.secret in nuxeo.conf to exchange secret between API REST and Nuxeo server to decode the JWT nuxeo side.

Thanks for help

freemann
Member (2.1K)   2   5   7 		04/04/2019 ( History)
0 votes
3 answers
1829 views
ANSWER
ANSWERS

Hi Thomas Roger,

I tried this code to force jwtToken but in http POST parameters there is not assertion but code, so I get http status 500

if (jwtToken !== null) {
  Nuxeo.oauth2.fetchAccessToken(this.nuxeoUri, this.clienId, jwtToken, {
   grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
   }).then(function(myToken) {
      this.nuxeoClient = new Nuxeo({
              baseURL: this.nuxeoUri,
              apiPath: this.nuxeoApi,
              auth: {
                  method: 'bearerToken',
                  token: myToken,
              },
            // Activation du CORS
            headers: this.defaultHeader,
      });    
    });
}

In http POST parameters :

**code** eyJhbGciOiJIUzI1NiJ9.eyJzdWIi....
grant_type urn:ietf:params:oauth:grant-type:jwt-bearer
client_id Ng2

Thanks

freemann
Member (2.1K)   2   5   7 		04/05/2019 ( History)
0 votes
freemann
Thanks to Thomas Roger for https://jira.nuxeo.com/browse/NXJS-187
04/05/2019

Hey Thomas Roger, Thanks for your reply. I progress on my angular 7 app and nuxeo-js-client and I want to use JWT for authentication. So how to use OAuth2 flow in nuxeo-js-client ?

var code = ...
Nuxeo.oauth2.fetchAccessToken('http://localhost:8080/nuxeo', 'my-app', code, {
  redirect_uri: 'http://localhost:8000/authorize',
}).then(function(token) {
  // do something with the access token
  var nuxeo = new Nuxeo({
    auth: {
      method: 'bearerToken',
      token: token
    }
  });
});

Where can I use differents attributs like grant_type, assertion, etc.. It seems nuxeo-js-client have not implementation for use OAuth2 flow for requesting an Access Token with a JWT like

var jwtToken = ...
Nuxeo.oauth2.fetchAccessToken('http://localhost:8080/nuxeo', 'my-app', jwtToken).then(function(token) {
// do something with the access token
var nuxeo = new Nuxeo({
auth: {
method: 'bearerToken',
token: token
}
});
});

I Opend an issue to make a little update on nuxeo-js-client : https://github.com/nuxeo/nuxeo-js-client/issues/88

Thanks for help

freemann
Member (2.1K)   2   5   7 		04/04/2019 ( History)
0 votes

Hi,

I'm not sure I correctly understand what you want to achieve, but here are some thoughts:

Assuming you have a JWT token that can be read by the Nuxeo server (same JWT shared secret on the Nuxeo server and the specific API REST server), you need to do the OAuth2 flow with urn:ietf:params:oauth:grant-type:jwt-bearer as grant_type:

POST https://NUXEO_SERVER/nuxeo/oauth2/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
&client_id=myApp&assertion=JWT_TOKEN

See https://doc.nuxeo.com/nxdoc/using-oauth2/#requesting-an-access-token-with-a-jwt

Thomas Roger
Member (4.3K)   1   5   5 		04/04/2019 ( History)
0 votes
Follow
Tags
Linked Questions
Related Questions
Requesting-an-access-token-with-a-jwt - SOLVED
Problem with OpenID Configuration
Configure new OpenID Provider - OAuth2 Login auth0.com
Authentication and Automation APIs
using JWTAuthInterceptor in Nuxeo Java Client
How to make web ui use custom authentication plugin to authenticate the user?
Requesting an Access Token with an Authorization Code dont give me a token
Custom Authentication not working as expected with Java Client SDK
REST API call to NP8.3 works, yet the very same call to NP9.1 fails with "java.lang.IllegalStateException: Already connected"