JSON Web Tokens Authentication

(Vincent Tuwei) #1

Dear All,

We would like to implement JSON Web Tokens authentication on the rest webservices module. We developed an angular2 web interface for openmrs from scratch. The web interface consumes data from two sources.

  1. Openmrs rest Server
  2. ETL Server (summarised openmrs data and other integrations) We have an nginx server that handles requests for the two servers. The web interface is also served using nginx. Our ETL server authenticates using Openmrs.

We have a challange with authentication. At the moment, we have to send two authentication requests to the two servers. With JSON web Tokens, we would be able to use one token for authentication on both servers.

We suggest that we add this feature on the current AuthenticationFilter or create a new JWT Authentication Filter.

We welcome suggestions on how best to approach this.

(Daniel Kayiwa) #2

I would go for modifying the existing AuthorizationFilter by starting with changing this line https://github.com/openmrs/openmrs-module-webservices.rest/blob/master/omod-common/src/main/java/org/openmrs/module/webservices/rest/web/filter/AuthorizationFilter.java#L84 not to assume that it will always be basic authentication. In other words, to also expect something like this for JSON Web Tokens: Authorization: Bearer token Then the rest of the code would proceed basing on the type of authentication.

(Vincent Tuwei) #3

Thanks @dkayiwa. I have created a ticket for this.

RESTWS-648

(Daniel Kayiwa) #4

I have made it ready for work. So you can claim and start working on it right away.

(Olivier Dusabimana) #5

@vtuwei were you able to make progress on this? We have a similar situation as what you described and having a JWT authentication would be helpful

Thanks