Bizzomate OAuth

Content Type: Module
Categories: Utility,Authentication,Connectors

Overview

Mendix applications provide basic authentication by default for published web services. Some would say that is fine for local development; however, for published services hosted online, a more advanced authentication mechanism is often required from a security perspective. This module provides out-of-the-box verification of OAuth tokens. One or more authorization servers can be added and maintained, each with its own configuration, for more flexibility.

Documentation

Typical usage scenario


The module is to be applied to exposed functions that are to be secured with OAuth tokens, for example web services (REST / OData).


Features and limitations

  • Provides the ability to set up multiple authorization servers and validate tokens from any of them.
  • Imports the necessary .well-known configuration items for validating tokens.
  • Provides an exposed microflow action, so it is easy to find in the microflow activity selector.
  • Currently supports the following signature algorithms: RS256, RS384 and RS512.
  • Provides the option to only decode the token and get it as a decoded JWT object.
  • Provides the option to only decode the token and get it as a JSON string, for custom handling of claims or other purposes.
  • Adds leeway, to allow some flexibility in the time-based checks.
  • Adds debug logging.
  • Adds examples showing how to apply it in logic.
  • Introspection is currently not implemented.
  • Audience verification is optional: if a value is provided, it is checked during verification as well.
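The behaviour listed above (JWKS-based key lookup, an RS256/RS384/RS512 allow-list, leeway, optional audience, and a decode-only path) can be expressed with the two listed dependencies, java-jwt and jwks-rsa. The following Java class is an added example written for this page; it is not the module's own code, and the class and method names (OAuthTokenVerifier, verify, decodeOnly) and constructor parameters are assumptions. It uses only public API of the two libraries.

```java
import com.auth0.jwk.Jwk;
import com.auth0.jwk.JwkException;
import com.auth0.jwk.JwkProvider;
import com.auth0.jwk.JwkProviderBuilder;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.RSAKeyProvider;
import com.auth0.jwt.interfaces.Verification;

import java.net.MalformedURLException;
import java.net.URL;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Set;
import java.util.concurrent.TimeUnit;

/**
 * Hypothetical verifier (example code, not the module's): one instance per configured
 * authorization server, with signing keys fetched from that server's JWKS endpoint.
 */
public final class OAuthTokenVerifier {

    // Only the RSA signature algorithms the module lists are accepted; anything else
    // (including "none" or HMAC variants) is rejected before signature verification.
    private static final Set<String> ALLOWED_ALGS = Set.of("RS256", "RS384", "RS512");

    private final String issuer;
    private final String audience;       // may be null or blank: audience check is optional
    private final long leewaySeconds;
    private final RSAKeyProvider keyProvider;

    public OAuthTokenVerifier(String issuer, String jwksUri, String audience, long leewaySeconds)
            throws MalformedURLException {
        this.issuer = issuer;
        this.audience = audience;
        this.leewaySeconds = leewaySeconds;

        // jwks-rsa fetches and caches the keys published at the JWKS URI; that URI normally
        // comes from the server's .well-known configuration document.
        JwkProvider jwks = new JwkProviderBuilder(new URL(jwksUri))
                .cached(10, 24, TimeUnit.HOURS)
                .rateLimited(10, 1, TimeUnit.MINUTES)
                .build();

        this.keyProvider = new RSAKeyProvider() {
            @Override
            public RSAPublicKey getPublicKeyById(String keyId) {
                try {
                    Jwk jwk = jwks.get(keyId);            // looked up by the token's "kid" header
                    return (RSAPublicKey) jwk.getPublicKey();
                } catch (JwkException e) {
                    throw new IllegalStateException("Unknown signing key id: " + keyId, e);
                }
            }
            @Override public RSAPrivateKey getPrivateKey() { return null; }   // verify only
            @Override public String getPrivateKeyId() { return null; }
        };
    }

    /** Decode only, no signature or claim checks: the "decoded JWT object" option. */
    public static DecodedJWT decodeOnly(String token) {
        return JWT.decode(token);
    }

    /** Verify signature, issuer, time-based claims (with leeway) and, if configured, audience. */
    public DecodedJWT verify(String token) throws JWTVerificationException {
        // Read the header first so the algorithm can be checked against the allow-list.
        String alg = JWT.decode(token).getAlgorithm();
        if (alg == null || !ALLOWED_ALGS.contains(alg)) {
            throw new JWTVerificationException("Unsupported algorithm: " + alg);
        }
        Algorithm algorithm;
        if ("RS384".equals(alg)) {
            algorithm = Algorithm.RSA384(keyProvider);
        } else if ("RS512".equals(alg)) {
            algorithm = Algorithm.RSA512(keyProvider);
        } else {
            algorithm = Algorithm.RSA256(keyProvider);
        }

        Verification builder = JWT.require(algorithm)
                .withIssuer(issuer)
                .acceptLeeway(leewaySeconds);   // tolerance applied to the exp / nbf / iat checks
        if (audience != null && !audience.isBlank()) {
            builder = builder.withAudience(audience);
        }
        JWTVerifier verifier = builder.build();
        return verifier.verify(token);          // throws JWTVerificationException on any failure
    }
}
```

In a Mendix Java action the caller would catch JWTVerificationException and return an unauthorized result rather than letting it propagate; the decode-only path should be used for inspecting claims, never as a substitute for verify when protecting an exposed service.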


Dependencies

  • com.auth0 - java-jwt - 4.4.0
  • com.auth0 - jwks-rsa - 0.21.3
  • Mendix Atlas 3


Installation

  • Create a page for an administrator that contains the snippet 'SNIP_AuthorizationServer_Overview'.
  • Set up the security and link the necessary project role(s) with the relevant module role(s).
  • Apply the exposed microflow action 'Get verified JWT' to have the token verification applied.
    • Examples are available in the '_USEME/Examples' folder.


Frequently Asked Questions

  • Q: Is it possible to verify an Entra AD token? A: Only when the token is requested without a Graph scope. Microsoft tends to use its own algorithm, which does not conform to the standard.
  • Q: How can I test the token easily? A: Testing can also be done on the website https://jwt.io.


PS: This module is a rebuild of an existing module, which did not provide the options we needed and had no working version for Mendix 10.x. Hence this new module was published in the Marketplace. It will be extended with other functionality as the need arises.


Extra validations on (custom) claims and more are coming soon.

Releases

Version: 1.0.0
Framework Version: 10.8.1
Release Notes:
  • Initial release of OAuth module.
  • Provides the ability to setup multiple authorization server to validate tokens from either of them.
  • Imports the necessary .well-known configuration items for validating tokens.
  • Provides an exposed microflow action, to find it easily in the microflow activity selector.
  • Currently supports the following encoding and hashing algorithms: RS256, RS384 and RS512.
  • Provides the option to just decode the token and get it in a decoded JWT object.
  • Provides the option to just decode the token and get it as a JSON string, for customization of claim usage or other things.
  • Added Leeway to have some flexibility.
  • Added debug logging.
  • Added examples to have it applied in logic.