I found my issue. which was unrelated to JWT., but related to a security check imposed in my Dispatch class/ the Privilage check there, does not (rightly so), insert an entry in the Security audit log.
all good now.
David,
In your example above - does the user 'APIUser' have any other privilges other than those needing to read/write to the underlying database(s) of the namespace the application is tied to ? Can you confirm that user does not carry %All ??
I'm finding I have a missing some permissions, and only users with %All can get to subsequent API Calls - but - the Security Audit Log does not report any errors - I just get a 401. There is something failing for me in the CSP plumbing which is decrypting the token, on the way in and setting up the user context. - my dispatch class code is not invoked.
have you encountered this or have any low-level debugging tips ?
Thanks -
Great article - thanks for putting it together..!
I've been trying something similar but with a different approach. I start with an application idea, using Figma to mock it up, then something like Replit to build the front end with mock data and mock API backend.
Once built, I asked AI to generate a swagger spec for all APIs, which I then import into IRIS to generate the .disp,.impl and .spec classes.
The backend logic I then did myself, but I can see how if I persisted, I could have used AI for that too.
My project was to build an app that selected patients from the backend database, and existing observations on file, plotting their the values over time.