JWT support in 10.7

Hi

Does IS 10.7 support JWT authentication for calling external APIs? Looking in the IS services documentation, there is no mention of JWT. In 10.11 I believe there are pub.jwt services.

I can see the 10.7 admin page has a JWT option, but is that just for incoming calls?

Do I need to configure this in the gateway?

I do have some legacy Java code that will retrieve the token for me so I can do this, but before using a custom approach I would like to see if IS 10.7 really supports JWT.

TIA
Mark

Did you check the IS documentation?
https://documentation.softwareag.com/webmethods/microservices_container/msc10-7/10-7_MSC_PIE_webhelp/#page/pie-webhelp%2Fto-jwt_auth.html%23

Hi @Mark_Mcniff1
Looking at the documentation link @engin_arlak shared, IS 10.7 JWT functionality is for incoming calls.

If your ask is for incoming calls, IS acts as server:

  • Client generates JWT signature using an external identity provider
  • Client sends JWT in HTTP header to IS
  • IS validates if it is valid JWT based on the certificate imported

If your ask is for outgoing calls, which means IS acts as a client and you want to generate JWT and attach it in the header:

  • IS generates JWT using certificate and algorithm (functionality similar to identity provider)
  • IS attaches JWT in HTTP header
  • IS invokes external APIs with JWT part of the header

The built-in service pub.jwt:generateSignedJWT will help for the second scenario, but if it is only available in a later version, you may have to write custom code.

HTH
Senthil
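
The outbound flow described in the reply above (IS as client, signing its own token), as an added example that is not part of the original thread and is not webMethods code. It uses only the JDK; the class and method names, the issuer and audience values, and the in-memory key pair (standing in for a key loaded from a keystore) are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;

// Hypothetical helper: signs and verifies a compact RS256 JWT with the JDK only.
public class OutboundJwtExample {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    static String b64(String s) {
        return B64URL.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    // Compact JWS: base64url(header).base64url(payload).base64url(signature).
    // Claim values here are constructed and contain no characters that need JSON escaping.
    static String signRs256(String iss, String aud, long ttlSeconds, PrivateKey key) throws Exception {
        long now = Instant.now().getEpochSecond();
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        String payload = String.format("{\"iss\":\"%s\",\"aud\":\"%s\",\"iat\":%d,\"exp\":%d}",
                iss, aud, now, now + ttlSeconds);   // short lifetime limits replay of a leaked token
        String signingInput = b64(header) + "." + b64(payload);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64URL.encodeToString(sig.sign());
    }

    // Signature check as the receiving API would do it. The algorithm is fixed here
    // rather than read from the token header, so the token cannot choose its own algorithm.
    static boolean verifyRs256(String jwt, PublicKey key) throws Exception {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) return false;
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        return sig.verify(Base64.getUrlDecoder().decode(parts[2]));
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair for the demo; a real service would load its key from a keystore.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        String jwt = signRs256("is-client", "https://api.example.com", 300, kp.getPrivate());
        System.out.println("Authorization: Bearer " + jwt);
        System.out.println("signature valid: " + verifyRs256(jwt, kp.getPublic()));
    }
}
```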

For the times we’ve had IS as client to a server, we just make an HTTP call using the built-in services, passing the necessary credentials and get the token back. Then use that in subsequent calls. Unlikely to need Java for this.


Even on version 10.15, webMethods only supports the RSA family of algorithms for JWT. If you are using JWT to generate a token for an outbound call and you are going to use any of the other algorithms, you need to develop a Java service on your own. This was the case for me; I entered a Brainstorm request. Hope SAG will include all the algorithms as part of JWT.

While a bit off-topic, let me just mention that this type of flexibility is a core reason why I think IS is such a wonderful platform. I actually think that it makes a wonderful general-purpose application server, not only being great for integration.

I must also confess that I have come to love Java on IS, although I largely develop POJOs and use IS Java services as wrappers to call them. But that is certainly a different topic.