{ "name": "JWT authentication", "comments": null, "auth_type_ident": 3, "class_name": "com.kahuna.server.auth.HttpAuthProvider", "javascript_authprovider_code": null, "bootstrap_config_value": null, "param_map": "AuthPublicKeyText=%7B%0A%20%20%20%20%22kty%22%20%3A%20%22RSA%22%2C%0A%20%20%20%20%22kid%22%20%3A%20%22jwt_sign%22%2C%0A%20%20%20%20%22use%22%20%3A%20%22sig%22%2C%0A%20%20%20%20%22n%22%20%3A%20%22%3Cget%20this%20from%20gateway%3E%22%2C%0A%20%20%20%20%22e%22%20%3A%20%22%3Cget%20this%20from%20gateway%3E%22%2C%0A%20%20%20%20%22x5c%22%20%3A%20%5B%20%22%3Cget%20this%20from%20gateway%3E%22%20%5D%2C%0A%20%20%20%20%22x5t%22%20%3A%20%22%3Cget%20this%20from%20gateway%3E%22%0A%20%20%7D,AuthPublicKeyAlgorithm=RSA,AuthHeaderName=Authorization", "get_config_info_code": "var pkField = configInfo.addConfigField();\r\npkField.name = \"AuthPublicKeyText\";\r\npkField.description = \"The public key to verify incoming authentication. This can be either:\" +\r\n \"\";\r\npkField.display = \"Auth certificate/public key\";\r\npkField.length = 10000;\r\n\r\nvar pkAlgoField = configInfo.addConfigField();\r\npkAlgoField.name = \"AuthPublicKeyAlgorithm\";\r\npkAlgoField.description = \"Optional: the algorithm for the public key. 
If none is specified, RSA is assumed.\";\r\npkAlgoField.display = \"Auth public key algorithm\";\r\npkAlgoField.length = 20;\r\n\r\nvar jwtHeaderName = configInfo.addConfigField();\r\njwtHeaderName.name = \"AuthHeaderName\";\r\njwtHeaderName.description = \"Optional: name of HTTP header containing authentication, used for caching.\" +\r\n \" If this is not specified, no caching will occur, which will incur a small performance penalty (see docs for details)\";\r\njwtHeaderName.display = \"Auth Header Name\";\r\njwtHeaderName.length = 30;\r\n", "configure_code": "for (var paramName in parameters) {\r\n log.info(\"Parameter \" + paramName +\r\n \" has value \" + parameters[paramName]);\r\n}\r\n", "get_login_info_code": "loginInfo.loginStatus = \"Authentication is assumed to be done by the Gateway. Login is not allowed here.\";\n", "auth_code": "log.debug(\"In JWT Auth\");\r\nvar encodedJwt = servletRequest.getHeader(\"Authorization\");\r\nif ( ! encodedJwt || encodedJwt.trim().length === 0) {\r\n result.errorMessage = \"No Authorization header provided\";\r\n return;\r\n}\r\n\r\nif ( ! 
encodedJwt.startsWith(\"Bearer \")) {\r\n result.errorMessage = \"Authorization header does not have scheme Bearer\";\r\n return;\r\n}\r\n\r\n\r\n\r\nencodedJwt = encodedJwt.substring(\"Bearer \".length);\r\nlog.info(\"=====JWT Token:=======\\n\"+encodedJwt+\"\\n================\");\r\nvar Jwts = Java.type(\"io.jsonwebtoken.Jwts\");\r\nvar jwtClaims = Jwts.parser().setSigningKey(publicKey).parseClaimsJws(encodedJwt);\r\n\r\n\r\n//var keyId = jwsHeader.getKeyId();\r\n\r\nresult.userData.kid = jwtClaims.header.kid;\r\nresult.userIdentifier = jwtClaims.body.sub;\r\nresult.userData.userName = jwtClaims.body.sub;\r\nresult.userData.jwt=encodedJwt;\r\n\r\n\r\n\r\n//result.userIdentifier = jwtClaims.getBody().get(\"userIdentifier\");\r\n\r\nvar jwtAppInfo = jwtClaims.body.appInfo;\r\nresult.userData.jwtAppInfo_orgName = jwtAppInfo.orgName;\r\nresult.userData.jwtAppInfo_appName = jwtAppInfo.appName;\r\nresult.userData.jwtAppInfo_appKey = jwtAppInfo.appKey;\r\nresult.userData.jwtAppInfo_orgId = jwtAppInfo.orgId;\r\n\r\nif(jwtClaims.body.sub == jwtAppInfo.appName){\r\n result.roleNames.add(\"Read only\");\r\n}\r\n\r\nif(jwtClaims.body.sub != jwtAppInfo.appName){\r\n result.roleNames.add(\"Full access\");\r\n if(jwtClaims.body.userInfo !== null && typeof jwtClaims.body.userInfo[0] !== 'undefined'){\r\n var jwtUserInfo = jwtClaims.body.userInfo[0];\r\n result.userData.name = jwtUserInfo.name.formatted;\r\n result.userData.familyName = jwtUserInfo.name.familyName;\r\n result.userData.emails = jwtUserInfo.emails[0].value;\r\n }\r\n //print(\"***userInfo:\" + jwtUserInfo); \r\n}\r\n" }