· May 16, 2023

How to Authenticate a user that is created in InterSystems Management portal

Hi guys, 

I want to develop a web application in which a user can log in through the user credential of intersystems that is created in Management Portal for a specific role. How can I authenticate the user and get any token or login cookie through which user can call other apis

Discussion (2)3
Log in or sign up to continue

Hello @Humza Arshad. Thanks for your question! 

Since IRIS 2022.2, you can use JWT authentication to provide a RESTful way of logging in and maintaining that session, which is in line with how many frontend frameworks like to work. The documentation can be found on the JSON Web Token (JWT) Authentication page.

To take advantage of this, you will need to do the following:

  1. Use Unauthenticated access on the web application that serves the UI app
  2. Enable JWT authentication on the web application that handles REST requests
  3. Set UseSession = 0 on the REST handler class for the web application that handles REST requests
  4. Create your own custom login page in the front end. Upon login, this page should submit a payload containing { user: …, password: … } to the /login endpoint as explained in the documentation above
  5. Add front end code to save the access token and refresh token that are returned. The access token needs to be supplied with every subsequent REST request as an Authentication header with the value ‘Bearer <access_token>’.
  6. Add front end code to periodically refresh the access token – this is done by posting the { access_token: …, refresh_token: … } to the /refresh endpoint.