6.7.5. Token in ONEWEB
The EAF-REST API provides a powerful, convenient, and simple web services API for interacting with ONEWEB 4.0 for standard CRUD operations against the database.
Figure 1: Sequence diagram of the steps to connect to the server
- Request login
First, the client logs in to the server with its user information. EAF-REST provides the login service URL "http://[IP Address]:[Port]/eaf-rest/login".
The client connects using the POST method and sends the user information like this:
{
  "username" : "User Name",
  "password" : "Password",
  "ldapproviderurl" : "",
  "clientId" : "C00292818"
}
Note: "clientId" is a randomly generated unique key from the client.
- Server creates token
The server creates the payload information and generates the token.
- Return token to client
The client receives the login response from the server; its fields are described below.
timestamp: Date and time at which the server generated the token
validity: age of the token in milliseconds at the time the server returns it to the client. The token expires at a point calculated from timestamp and validity: days = ((validity/3600)/24). ONEWEB 4.0 sets the default expiry to 1 day.
id_token: the value the client attaches to the Authorization key in the HTTP header
- Client sends request with authorization header
When the client connects to the server, every message should carry the token in the Authorization key of the HTTP header.
- Server checks signature and expiry date
When the server receives a message from the client, it checks the signature and the expiry date of the token to validate the message. If the message is valid, the server continues to process the client's message. For invalid messages, the server rejects the request from that client.
- Send response to client
After the server has processed the request, it sends the response to the client.
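The flow above, as an added example that is not EAF-REST's own code: the client side builds the login body and the Authorization header and computes the expiry from timestamp plus validity, and the server side checks the signature before the expiry date. The token layout (base64url JSON payload, a dot, and an HMAC-SHA256 tag) and the secret key are assumptions for illustration; ONEWEB's real id_token format is not described on this page.

```python
import base64
import hashlib
import hmac
import json
import time

LOGIN_URL = "http://[IP Address]:[Port]/eaf-rest/login"  # placeholder host/port from the page
DAY_MS = 24 * 3600 * 1000  # ONEWEB 4.0 default: the token expires in 1 day

def login_payload(username, password, client_id, ldap_provider_url=""):
    """JSON body the client POSTs to the login service (field names from the page)."""
    return {"username": username, "password": password,
            "ldapproviderurl": ldap_provider_url, "clientId": client_id}

def expires_at_ms(timestamp_ms, validity_ms):
    """Absolute expiry from the 'timestamp' and 'validity' fields of the login reply."""
    return timestamp_ms + validity_ms

def authorization_header(id_token):
    """Header the client attaches to every request after login."""
    return {"Authorization": id_token}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(payload: dict, key: bytes) -> str:
    """Assumed layout: base64url(JSON payload) '.' base64url(HMAC-SHA256 over that body)."""
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(mac)

def verify_token(token: str, key: bytes, now_ms=None):
    """Server-side check: signature first, then expiry. Returns (ok, reason)."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        return False, "malformed"
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    # Constant-time compare so a forged tag cannot be guessed byte by byte via timing.
    if not hmac.compare_digest(expected, _unb64(sig)):
        return False, "bad signature"
    claims = json.loads(_unb64(body))  # only trusted after the signature passed
    if now_ms >= expires_at_ms(claims["timestamp"], claims["validity"]):
        return False, "expired"
    return True, "ok"
```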