nuxeo-js-client - OAuth 2 JWT Flow authentification

Hi people,

I want to use a JWT token witch come from a specific API REST server in my angular 7 app to connect to nuxeo server through nuxeo-js-client and OAuth 2 JWT Flow** but I don't have an example. There are not a real example on how to implement OAuth 2 JWT Flow.

Nuxeo server side I use nuxeo.jwt.secret in nuxeo.conf to exchange secret between API REST and Nuxeo server to decode the JWT nuxeo side.

Thanks for help

0 votes

3 answers

189 views

ANSWER



Hi Thomas Roger,

I tried this code to force jwtToken but in http POST parameters there is not assertion but code, so I get http status 500

if (jwtToken !== null) {
  Nuxeo.oauth2.fetchAccessToken(this.nuxeoUri, this.clienId, jwtToken, {
   grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
   }).then(function(myToken) {
      this.nuxeoClient = new Nuxeo({
              baseURL: this.nuxeoUri,
              apiPath: this.nuxeoApi,
              auth: {
                  method: 'bearerToken',
                  token: myToken,
              },
            // Activation du CORS
            headers: this.defaultHeader,
      });    
    });
}

In http POST parameters :

**code** eyJhbGciOiJIUzI1NiJ9.eyJzdWIi....
grant_type urn:ietf:params:oauth:grant-type:jwt-bearer
client_id Ng2

Thanks

0 votes




Hey Thomas Roger, Thanks for your reply. I progress on my angular 7 app and nuxeo-js-client and I want to use JWT for authentication. So how to use OAuth2 flow in nuxeo-js-client ?

var code = ...
Nuxeo.oauth2.fetchAccessToken('http://localhost:8080/nuxeo', 'my-app', code, {
  redirect_uri: 'http://localhost:8000/authorize',
}).then(function(token) {
  // do something with the access token
  var nuxeo = new Nuxeo({
    auth: {
      method: 'bearerToken',
      token: token
    }
  });
});

Where can I use differents attributs like grant_type, assertion, etc.. It seems nuxeo-js-client have not implementation for use OAuth2 flow for requesting an Access Token with a JWT like

var jwtToken = ...
Nuxeo.oauth2.fetchAccessToken('http://localhost:8080/nuxeo', 'my-app', jwtToken).then(function(token) {
// do something with the access token
var nuxeo = new Nuxeo({
auth: {
method: 'bearerToken',
token: token
}
});
});

I Opend an issue to make a little update on nuxeo-js-client : https://github.com/nuxeo/nuxeo-js-client/issues/88

Thanks for help

0 votes



Hi,

I'm not sure I correctly understand what you want to achieve, but here are some thoughts:

Assuming you have a JWT token that can be read by the Nuxeo server (same JWT shared secret on the Nuxeo server and the specific API REST server), you need to do the OAuth2 flow with urn:ietf:params:oauth:grant-type:jwt-bearer as grant_type:

POST https://NUXEO_SERVER/nuxeo/oauth2/token?grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
&client_id=myApp&assertion=JWT_TOKEN

See https://doc.nuxeo.com/nxdoc/using-oauth2/#requesting-an-access-token-with-a-jwt

0 votes