How can I decode the OrientDb network binary token in my client app?

[greenpea]

I'm looking for some help in retrieving a user id from the binary network token generated through OrientDB: https://github.com/orientechnologies/orientdb/wiki/Network-Binary-Token-Format

I'm able to authenticate users and retrieve the token, but am so far unable to identify the authenticated user to my (nodejs) application, which is incredibly frustrating!

My assumption is that the token would be a jwt, which I could decode in my client app, using the key configured in orientdb-server-config as secret. The encryption algorithm I have configured is HmacSHA256.

I'm using the binary network protocol via Oriento. Upon authentication this yields a token as byte array, which I hoped to be able to convert to base64 encoded string, and then validate and decode using an appropriate library e.g. https://github.com/auth0/node-jsonwebtoken.

Firstly, is my assumption correct that the token should be jwt? If so, how can I convert the provided token (byte array) to a valid base64 encoded string representation of the jwt? I would expect to see a string composed of three period-delimited base64 encoded parts that should validate at http://jwt.io/.

Trying...

tokenAsBuffer.toString('base64')

  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '') // make url safe

...gives a base64 encoded string but not segmented as expected for a valid jwt.

Any help greatly appreciated!

 

[Christian Kramer]

Hey, 

i'm not into nodejs development, but at first you're right its a jwt and it has the typical three parted base64 structure with '.' as delimeter.

Did you try to convert the bytearray this way (http://stackoverflow.com/a/11562550):

var base64String = btoa(String.fromCharCode.apply(null, new Uint8Array(arrayBuffer)));




Cheers, 

Chris

[greenpea]

Hi Chris

Thanks for your response, it's good to confirm the expected format. I've given your suggestion a try using https://www.npmjs.com/package/btoa

Under the hood it does the same as simply using arrayBuffer.toString('base64') and alas the result is the same as I was already getting. The encoded string looks like:

AAAAAA10ZXN0X29yaWVudGRiAQAFAAAAAAAAAAMAAAF9wE4YjwAAHAATT1JlY29yZERvY3VtZW50MmNzdgAHb3JpZW50bwAFMS4xLjFqjbzFxOCE4iKT5dA+Wn/gNWT0pDyhjvvtJ2JHdNfFNQ==

and crucially lacks the 3-part delimited structure. 

If I paste this over at jwt.io (or just do a toString() on the buffer) it reveals some clear text including the db name and version of oriento, looking like: 

test_orientdb }ÀN ORecordDocument2csv oriento 1.1.1j ¼ÅÄà„â"“åÐ>Z à5dô¤<¡Žûí'bGt×Å5

It makes me wonder if the token is getting corrupted somewhere along the way?

PS Orient DB version is 2.0.1, oriento is 1.1.1. 

[Christian Kramer]

Hey, 

sorry i've missed the forest for the trees. The token is not base64 encoded ;). It's just raw byte concatenated to one big byte array. You have to split it manually. See orientdb/server/src/main/java/com/orientechnologies/orient/server/token/OBinaryTokenSerializer.java and especially the serialize/deserialize method. Sorry for that confusion.

Cheers,

Chris

[greenpea]

Ok, excellent, that's helpful, I should be able to figure out from that. Thank you!

[Neil Dsouza]

Could someone post example code of how to extract the user from the token. Thank you.