The JADE 2022 release meets tomorrow’s business demands.
Currently, JADE provides RESTful web services with the JadeRestService RootSchema class. However, these APIs are not able to be secured, that is, anyone with the URL may consume it without providing authentication.
The intent of this feature is to provide the ability to restrict JADE REST APIs such that only clients with a valid bearer token are able to consume the API. In addition, the rules on what constitute a valid token may be customised by the API developer as required.
The token that is planned to be supported is JSON Web Token (JWT) – an open standard tracked by RFC 7519 . The JWT standard defines a compact and self-contained way for securely transmitting information between parties represented as a JSON object.
The feature will allow for the validation of token signatures, including Asymmetrical (e.g. RS256) tokens signed from third party Auth providers such as Auth0 using a JSON Web Key Set (JWKS). It will also allow for the generation of Symmetrical (e.g. HS256) tokens and the association of required claims (e.g. access level or token expiry etc.) against particular REST Service methods.
Ashley Bass
The description has been updated to provide a summary of the capability we are aiming to deliver in the next major release. Please review and provide feedback.
Attachments Open full size