How to decode an Azure Access Token in IRIS?
Hello,
I am trying to find out if it is possible to decode the Azure access token in IRIS. Has anyone ever tried this before? I need to decode the token to extract the "Scope" details in order to verify the scope and make sure the client is permitted to make the request they have made.
If you could point me to any information, that'd be great.
Thank you.
Utsavi
Product version: IRIS 2020.1
Do you mean the OAuth2 token?
If so, did you use the native OAuth2 support in Caché/IRIS?
This JWT Debugger may help to understand what's inside the token stored.
Hi Dmitry,
Thanks for your reply. Yes, the OAuth2 token. I haven't set up anything for OAuth2 on the IRIS end. In our case, the REST APIs we are building in IRIS are exposed to consumer apps via IAM and Azure. IAM takes care of the OAuth2 authentication. The client request then flows through to IRIS, which is when I need to introspect the access token to read the "Scope".
I came across the following method, is that something I can utilise?
Most of the code related to OAuth2 in IRIS assumes that you have configured an OAuth2 client, and uses this information to validate and extract data from the token. And this particular method will expect an OAuth2 client with the name "demoresource".
I'm not sure how InterSystems intended it to work together with IAM. But I have an example of extracting data from a JWT token without any configuration. Look at this code. In this class, I can generate tokens and validate them, as well as pass any data when generating tokens, and extract it. But it also uses a secret phrase to validate the token. And depending on the algorithm, it will require just a simple string as a secret phrase, or a public and private key.
And try the suggested JWT debugger, which may help you in understanding what exactly is stored in the token and which algorithm is used for the key.
Thanks a lot Dmitry. I will follow your example code and see if that works for me. Will update you on how I go.
Hi Dmitry,
I am trying out the sample code you supplied. It seems that you have to supply a secret key in order to decode the token using ##class(%OAuth2.JWT).JWTToObject(). If I put my sample token on jwt.io, it decodes it without me having to supply the key.
Can we decode the token from IRIS without having to supply the public or private key?
Yeah, sure, it's quite simple to do. JWT tokens contain three parts separated by a pointer sign.
All of those parts are encoded with Base64.
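The decoding described in this answer, as an added ObjectScript example that is not code from the thread: it splits the token on dots, decodes the payload segment (JWT uses the URL-safe Base64 alphabet without padding) and checks for a required scope. The class and method names are hypothetical, the `scp` claim name is an assumption about Azure AD tokens, and the sample token is constructed; the signature is not verified, so the result is only meaningful when an upstream component such as IAM has already validated the token.

```objectscript
/// Added example; Demo.JWTScope and its method names are hypothetical.
Class Demo.JWTScope
{

/// Decode one base64url JWT segment to text.
ClassMethod DecodeSegment(segment As %String) As %String
{
    // base64url -> standard Base64 alphabet, then restore the stripped padding
    Set b64 = $Translate(segment, "-_", "+/")
    Set pad = $Length(b64) # 4
    If pad = 1 { Throw ##class(%Exception.General).%New("BadJWT",,,"bad segment length") }
    Set:pad b64 = b64 _ $Extract("==", 1, 4 - pad)
    Quit $ZConvert($System.Encryption.Base64Decode(b64), "I", "UTF8")
}

/// Payload claims as a dynamic object. The signature is NOT verified here.
ClassMethod GetClaims(token As %String) As %DynamicObject
{
    If $Length(token, ".") '= 3 { Throw ##class(%Exception.General).%New("BadJWT",,,"expected 3 parts") }
    Quit ##class(%DynamicObject).%FromJSON(..DecodeSegment($Piece(token, ".", 2)))
}

/// 1 if `required` is one of the space-separated scopes in the token.
ClassMethod HasScope(token As %String, required As %String) As %Boolean
{
    If required = "" { Return 0 }
    Set claims = ..GetClaims(token)
    // Assumption: Azure AD delegated scopes are in "scp"; fall back to "scope"
    Set scopes = claims.scp
    Set:scopes="" scopes = claims.scope
    // Pad with spaces so only whole scope names match
    Quit (" " _ scopes _ " ") [ (" " _ required _ " ")
}

/// Builds a constructed sample token and checks a granted and a missing scope.
ClassMethod Demo()
{
    Set json = "{""aud"":""api://constructed-example"",""scp"":""Orders.Read Orders.Write""}"
    Set body = $Translate($System.Encryption.Base64Encode(json, 1), "+/=", "-_")
    Set token = "eyJhbGciOiJSUzI1NiJ9." _ body _ ".constructed-signature"
    Write "Orders.Read: ", ..HasScope(token, "Orders.Read"), !
    Write "Orders.Delete: ", ..HasScope(token, "Orders.Delete"), !
}

}
```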
Oh, that is perfect, mate!! Thanks so much :)