JSON Web tokens implementation for Eiffel

50 views
Skip to first unread message

Paul Gokke

unread,
May 12, 2016, 7:07:20 AM5/12/16
to Eiffel Web Framework
Dear all,

I want to use the JSON Web tokens (JWT) technology to create a security implementation for a new web api. The web api will be based on the Eiffel, using the latest Eiffel platform (15.12) using EWF.
Does anyone know of an Eiffel library which implements at least the most basic parts of JWT?

Best Regards, Paul.

Jocelyn Fiat

unread,
May 14, 2016, 9:04:33 AM5/14/16
to Eiffel Web Framework
Hi Paul,

I don't know any Eiffel code for that yet.
However we could collaborate as part of the EiffelWeb framework (EWF) to add this component.

Regards,
-- Jocelyn

Paul Gokke

unread,
May 14, 2016, 9:15:12 AM5/14/16
to Eiffel Web Framework
Hi Jocelyn,

That seems to be the best way to go.
Now there are a few options I think:

1. Write it from scratch in Eiffel. Will need a complete knowledge of the JWT technology
2. Use an existing c or maybe JAVA library which can be wrapped as an Eiffel component.

The page (https://jwt.io/) shows examples of different language implementations.

The c library is called libjwt and there are different java libraries.

The thing is that I will need it within the coming 2, 3 months.

Maybe wrapping the c library is the quickest way to a first solution and after that we could replace it with a native Eiffel implamentation.

What do you think?

Regards, Paul

Berend de Boer

unread,
May 15, 2016, 4:20:06 PM5/15/16
to eiffel-web...@googlegroups.com
>>>>> "Paul" == Paul Gokke <paul....@gmail.com> writes:

Paul> 1. Write it from scratch in Eiffel. Will need a complete
Paul> knowledge of the JWT technology

Greatly preferable to have a native implementation. But I suggest it
becomes a separate github project so re-usability is higher.

--
All the best,

Berend de Boer

Paul Gokke

unread,
May 17, 2016, 2:54:15 AM5/17/16
to Eiffel Web Framework
Hi Berend, and everyone else interested,

After performing some extra research on the subject, there is a little more involved for my goal then I assumed before (isn't it always like this;-)).

My Company will create a new web application (migrating an existing one) and make a move to the new web of things.

One of my primary concerns is security. I need the following aspects:
  • Authentication of users;
  • Authorisation for exchanging protected information by these users and external users/systems;
  • Session management (log in/out, easy deployment of new versions by making it possible for an administrator to force logouts);

My investigations so for made me go for the following technologies:

  • OpenId (for authentication and authorization)
  • Oauth version 2 (for authorization of the protected resources)
  • JWT as the token implementation
While I already created an abstract framework in Eiffel for some common software systems aspects (event driven interfaces (WUI, GUI, TUI, web api based on EWF), based on the theory of H18 in Touch of class, I am now thinking of implementing the above using this framework.

Ok, that's the way to go then, create native Eiffel libraries for this. In the upcoming weeks I will set up an environment for this and start stating my goals.

This will be my first open source contribution, so I will start with understanding the requirements of the EWF community and then put everything into place, if you have any pointers for this, please let me know?.

I will let you know when there is progress or when I have questions ;-). I hope I can count on your support.

Best regards,

Paul.

Jocelyn Fiat

unread,
May 18, 2016, 10:13:26 AM5/18/16
to Eiffel Web Framework
Hi Paul and other,

About the place to contribute, this can either be within the EiffelWeb framework project  (i.e https://github.com/EiffelWebFramework/EWF ), or as Berend suggested, as a separated projet that would relies on EWF and maybe other.

As far as I am concerned, either way is fine for me. And either way, we can make it available inside the "EiffelWebFramework" github organisation (https://github.com/EiffelWebFramework).

As a side note, there is also a CMS project, based on EiffelWeb, see https://github.com/EiffelWebFramework/ROC , among other it has various authentication system (Basic HTTP authorization, session with cookie, OpenID and also OAuth2 consumers).

If you don't want to contribute directly to the EiffelWeb project, I would recommand to create a github project, so that it gets easier to collaborate.
Let us know, when the "environment" is ready.

-- Jocelyn
Reply all
Reply to author
Forward
0 new messages