JWT Token Authentication

Version Change
v1.0 Initial version
v1.2 DB Structure changes and redirect
v1.3 Removed forwarding

Every 3C domain has a cookie named token for production and token_stage for staging, and we need to authenticate based on it. The machine type is set in the localSettings file, added manually.

This authentication must be done on every request. Access can change at any time, and we need to be able to disable access ASAP if needed.

To authenticate a user we need to verify this token and extract its info. For staging we need to use https://stage-api.threecolts.com/.well-known/jwks.json. The live URL will be provided later.

Once the token is validated and its info extracted, we will have three sections: user, organization and products.

<v1.2>

Select the data from hub_alpha>threecolts_app. There will be only 1 record, and we use its app_name to find the matching entry in the products array. Next, match user.id from the decoded info to hub_alpha>user>threecolts_user_id to get the hub_alpha>user>id. Then search for product_account_id (which must equal one of our hub_alpha>client>id values). Then check that both hub_alpha>user>id and hub_alpha>client>id are in the same row in hub_alpha>client_user. If all of these checks are successful we consider the user authenticated. If not, we redirect them to https://manager.threecolts.com/v2/login?source=app_name. Use the stage-manager.threecolts.com URL for stage/dev.

</v1.2>
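
The v1.2 checks above as an added Python example (not the project's own code), run against a constructed in-memory SQLite stand-in for the hub_alpha tables. It assumes the claims come from a token whose signature was already verified against the JWKS. The client_user column names, the name key on product entries, the machine-type values and the substitution of the stored app_name into the login URL are assumptions.

```python
import sqlite3

# Login URLs from the page; "{app}" replacing app_name is an assumption.
LOGIN = {"production": "https://manager.threecolts.com/v2/login?source={app}",
         "staging": "https://stage-manager.threecolts.com/v2/login?source={app}"}

def build_sample_db():
    """Constructed in-memory stand-in for the hub_alpha tables named above."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE threecolts_app (app_name TEXT);
        CREATE TABLE user (id INTEGER PRIMARY KEY, threecolts_user_id TEXT);
        CREATE TABLE client (id INTEGER PRIMARY KEY);
        CREATE TABLE client_user (user_id INTEGER, client_id INTEGER);
        INSERT INTO threecolts_app VALUES ('alpha_app');
        INSERT INTO user VALUES (7, 'tc-user-1'), (8, 'tc-user-2');
        INSERT INTO client VALUES (100), (200);
        INSERT INTO client_user VALUES (7, 100);
    """)
    return db

def authorize(db, claims, machine_type):
    """Return (True, None) if every v1.2 check passes, else (False, login_url)."""
    app_name = db.execute("SELECT app_name FROM threecolts_app").fetchone()[0]
    deny = (False, LOGIN[machine_type].format(app=app_name))
    # Check 1: our app must appear in the token's products array.
    products = [p for p in claims.get("products") or []
                if isinstance(p, dict) and p.get("name") == app_name]
    # Check 2: map the token's user.id to a local user via threecolts_user_id.
    tc_user_id = (claims.get("user") or {}).get("id")
    row = db.execute("SELECT id FROM user WHERE threecolts_user_id = ?",
                     (tc_user_id,)).fetchone()
    if not products or tc_user_id is None or row is None:
        return deny
    # Checks 3 and 4: product_account_id must be one of our client ids and
    # share a client_user row with the local user id.
    for p in products:
        linked = db.execute(
            "SELECT 1 FROM client_user cu JOIN client c ON c.id = cu.client_id "
            "WHERE cu.user_id = ? AND c.id = ?",
            (row[0], p.get("product_account_id"))).fetchone()
        if linked:
            return (True, None)
    return deny
```

Because the lookups run on each call, removing a client_user row denies access on the user's next request, which is what the per-request requirement is for.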

<v1.3>

Removed the authentication forwarding

</v1.3>
