Accessing JWT payload in XData CRUD end point

I use Sphinx to authenticate users of my Web App (created with WebCore).
During the authentication process I add a "userID" claim to my token as well as some other generic claims.
I then pass this token through to my XData server with a post request.
Now I understand how to add authentication attributes to prevent unwanted access to particular endpoints, but my question is "How do I manually access the contents of this token in a CRUD endpoint?" In particular I have an OnInserting(Args: TInsertingArgs) procedure within which I would like to make changes to the object based on the token contents.
I had thought that the following might have got me what I needed: TXDataOperationContext.Current.Request.User.Claims.Find('userId').AsString; but User doesn't seem to be defined. Is this possible?

Your assumptions are correct.

If you added a JWT middleware to your XData server, the JWT will be validated and TXDataOperationContext.Current.Request.User will be set, and its claims will contain the same claims as the JWT.

If your OnInserting event is being executed in the context of an XData request being processed, then claims should be available there.

Thus, I can only ask for a minimal project reproducing the issue so we can investigate why it's not happening in your case.

Thanks Wagner, as the wizard creates the server in code, I hadn't noticed that the JWT middleware wasn't added. (This is my first attempt at full stack :) ). Might I suggest that the template adds this as a commented out option like the CORS and Compression Middleware, to jog new users' minds? Anyway thanks again for the quick response.

Note that you are referring to the legacy wizard. The new wizard adds the design-time component TXDataServer, and then it's up to the user to add the middleware they want, from object inspector.

In any case, there is a big list of middleware; JWT is just one of them, and there are several others that users should pay attention to and decide whether to use or not.
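A sketch of the setup this thread converges on, added here as an example and not code posted by either participant: the JWT middleware is registered on the module, and an Aurelius OnInserting handler takes the owner from the validated claim, failing closed when the context, user or claim is missing. The unit name, TOrder, ConfigureModule and CurrentUserId are hypothetical, and an HMAC shared secret is assumed; a token signed another way needs the matching key configuration instead.

```delphi
unit OwnerStamp; // hypothetical unit name (added example)

interface

uses
  XData.Server.Module;

type
  // Hypothetical entity; Aurelius mapping attributes omitted for brevity.
  TOrder = class
  private
    FOwnerId: string;
  public
    property OwnerId: string read FOwnerId write FOwnerId;
  end;

// Call once at server start-up; JwtSecret is an assumed HMAC shared secret.
procedure ConfigureModule(Module: TXDataServerModule; const JwtSecret: string);

implementation

uses
  Sparkle.Security, Sparkle.Middleware.Jwt, XData.Sys.Exception,
  Aurelius.Mapping.Explorer, Aurelius.Events.Manager;

// Returns the 'userId' claim of the validated token, or raises (fail closed).
function CurrentUserId: string;
var
  Context: TXDataOperationContext;
  User: IUserIdentity;
begin
  Context := TXDataOperationContext.Current; // nil outside an XData request
  if Context = nil then
    raise EXDataHttpUnauthorized.Create('No request context');
  User := Context.Request.User; // nil if no JWT middleware ran or no valid token
  // Use the claim name exactly as it was written into the token.
  if (User = nil) or not User.Claims.Exists('userId') then
    raise EXDataHttpUnauthorized.Create('Missing userId claim');
  Result := User.Claims.Find('userId').AsString;
end;

procedure ConfigureModule(Module: TXDataServerModule; const JwtSecret: string);
begin
  // Without this middleware Request.User is never populated.
  Module.AddMiddleware(TJwtMiddleware.Create(JwtSecret));
  TMappingExplorer.Default.Events.OnInserting.Subscribe(
    procedure(Args: TInsertingArgs)
    begin
      // Overwrite any client-supplied owner with the token's identity.
      if Args.Entity is TOrder then
        TOrder(Args.Entity).OwnerId := CurrentUserId;
    end);
end;

end.
```

Because the handler raises when no validated user is present, an insert arriving without a token is rejected instead of being stored with an empty or client-chosen owner.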