...

```bash
curl -k -sS -X GET "http://$KEYCLOAK_HOST/auth/admin/realms/$REALM_NAME/clients/$CLIENT_ID/client-secret" \
        -H "Content-Type: application/json" \
        -H "Authorization: Bearer $ACCESS_TOKEN"
```


Demo with tokens and clientId extraction for using it as serviceId


This demonstration generates a JWT and parses a value from it.
Below, I'll outline the steps: generating a JWT, sending it in a request header, and then parsing a value (like `client_id`) from the JWT payload.

Generating a JWT Token using Bash

Note that this example is for educational purposes and doesn't include proper security practices like using secure keys.


```bash
# Create JWT header and payload
header='{"alg": "HS256", "typ": "JWT"}'
payload='{"iss": "example_issuer", "sub": "1234567890", "aud": "myclient", "exp": 3000000000, "client_id": "myclient", "role": "user"}'

# Base64url-encode the header and payload.
# -A keeps the output on one line; without it openssl wraps at 64 characters
# and the embedded newlines break the token.
header_base64=$(printf '%s' "$header" | openssl base64 -e -A | tr -d '=' | tr '/+' '_-')
payload_base64=$(printf '%s' "$payload" | openssl base64 -e -A | tr -d '=' | tr '/+' '_-')

# Create a signature (HMAC-SHA256 over "header.payload")
secret="your-256-bit-secret"
signature_base64=$(printf '%s' "${header_base64}.${payload_base64}" | openssl dgst -sha256 -hmac "$secret" -binary | openssl base64 -e -A | tr -d '=' | tr '/+' '_-')

# Combine to form the JWT
jwt="${header_base64}.${payload_base64}.${signature_base64}"
echo "JWT: $jwt"
```

This script generates a JWT and prints it out. Replace "your-256-bit-secret" with a proper secret key.

Sending the JWT in a REST Request Header

You can use curl to send the JWT in a request header:

```bash
curl -H "Authorization: Bearer $jwt" http://A1PMS/policy..
```

Parsing the JWT Payload in Java

Here's an example of how to parse the `client_id` from the JWT in Java:


```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonReader;

public class ParseJWT {
    public static void main(String[] args) {
        // Assume token is passed or retrieved from headers
        String token = "your.jwt.token.here";

        // Split token into its parts: header.payload.signature
        String[] chunks = token.split("\\.");
        if (chunks.length < 2) {
            throw new IllegalArgumentException("Not a JWT: payload part is missing");
        }
        Base64.Decoder decoder = Base64.getUrlDecoder();

        // Decode payload (this only decodes; the signature is not verified here)
        String payload = new String(decoder.decode(chunks[1]), StandardCharsets.UTF_8);

        // Parse JSON
        JsonReader jsonReader = Json.createReader(new StringReader(payload));
        JsonObject jsonObject = jsonReader.readObject();
        jsonReader.close();

        // Extract the client_id (null when the claim is absent)
        String clientId = jsonObject.getString("client_id", null);
        System.out.println("Client ID: " + clientId);
    }
}
```


In the create policy code, check whether the request has an Authorization header and, if the token in it carries a clientId, use that value as the serviceId. The other cases (no header, or a header without a clientId) are covered by the default serviceId.
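The header check described above, as an added example that is not the project's own code. It assumes the HS256 shared-secret token from the bash demo and the same `javax.json` library as `ParseJWT`; `ServiceIdResolver`, `resolveServiceId` and the `default-service` value are hypothetical names. The `client_id` is used only after the signature and `exp` have been checked, so an unsigned or altered token cannot choose its own serviceId.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonReader;

public class ServiceIdResolver {
    static final String DEFAULT_SERVICE_ID = "default-service"; // hypothetical default, not from the page

    // Returns client_id only from a token whose HS256 signature and exp check out.
    static String resolveServiceId(String authHeader, byte[] secret) {
        if (authHeader == null || !authHeader.startsWith("Bearer ")) return DEFAULT_SERVICE_ID;
        String[] parts = authHeader.substring(7).trim().split("\\.");
        if (parts.length != 3) return DEFAULT_SERVICE_ID;
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            // Pin the algorithm instead of trusting whatever the token header claims.
            if (!"HS256".equals(parse(dec.decode(parts[0])).getString("alg", ""))) return DEFAULT_SERVICE_ID;
            // Recompute the HMAC over "header.payload"; compare in constant time.
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            byte[] expected = mac.doFinal((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            if (!MessageDigest.isEqual(expected, dec.decode(parts[2]))) return DEFAULT_SERVICE_ID;
            JsonObject claims = parse(dec.decode(parts[1]));
            // Claims are read only after the signature is verified; expired tokens are ignored.
            long exp = claims.getJsonNumber("exp").longValue();
            if (exp <= System.currentTimeMillis() / 1000) return DEFAULT_SERVICE_ID;
            String clientId = claims.getString("client_id", "");
            return clientId.isEmpty() ? DEFAULT_SERVICE_ID : clientId;
        } catch (Exception e) {
            // Malformed Base64/JSON, missing exp, bad key: treat as "no usable clientId".
            return DEFAULT_SERVICE_ID;
        }
    }

    static JsonObject parse(byte[] json) {
        try (JsonReader r = Json.createReader(new StringReader(new String(json, StandardCharsets.UTF_8)))) {
            return r.readObject();
        }
    }
    public static void main(String[] args) {
        byte[] secret = "your-256-bit-secret".getBytes(StandardCharsets.UTF_8); // demo secret from the page
        String header = args.length > 0 ? "Bearer " + args[0] : null; // first argument: JWT from the bash script
        System.out.println("serviceId: " + resolveServiceId(header, secret));
    }
}
```

Run with the JWT printed by the bash script as the first argument to get `myclient`; run without arguments, or with a modified token, to get the default.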


TODO and topics to follow

- Evaluate the necessity of optional fields: Determine if certain optional fields can be removed or if their use can be better documented to avoid dead data.
- Consider adopting more specific schemas for critical operations: This can improve both the documentation and the generated code quality.
- Leverage OpenAPI Features: Use OpenAPI's advanced features like `allOf`,
- Prepare for code adaptations: Implement patterns like Adapter/Builder/Transformer to handle translations between similar objects, facilitating easier maintenance and adaptation to specification changes.
- Regular compliance checks.

...