JWT validation token (bearer token) validation for REST API calls.


Jason

Oct 5, 2016, 12:59:44 PM
to pac4j-users
Hello,

I want to protect my Spring Boot-based REST API by pac4j.

The mobile app will get an (OpenID Connect) access token/bearer token in JWT format and my backend must validate this JWT token for each API call.

The JWT token will be passed in the HTTP.

Is this possible with pac4j?

I couldn't find an example for this use case.


Thanks in advance!






Jérôme LELEU

Oct 6, 2016, 5:16:07 AM
to Jason, pac4j-users
Hi,

Using Spring Boot, you can secure your REST API with:
- spring-webmvc-pac4j (https://github.com/pac4j/spring-webmvc-pac4j) if you use Spring Web MVC
OR
- spring-security-pac4j (https://github.com/pac4j/spring-security-pac4j) if you use Spring Security.

You can call a REST API with a JWT token for authentication. You'll find some examples in the following demos: https://github.com/pac4j/spring-webmvc-pac4j-boot-demo and https://github.com/pac4j/spring-security-pac4j-boot-demo

The question is whether you will pass the JWT as a request parameter (you need to create a ParameterClient) or via a header (you need a HeaderClient): see http://www.pac4j.org/docs/clients/http.html

The way to validate credentials (called "authenticator" in pac4j terminology) is the JwtAuthenticator for JWT: see http://www.pac4j.org/docs/authenticators/jwt.html

Thanks.
Best regards,
Jérôme
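
A minimal wiring of the HeaderClient and JwtAuthenticator named in the reply above, added here as an example; it is not part of either post and is not taken from the pac4j demos. It assumes pac4j 2.x or later class names, HMAC-signed tokens, and a hypothetical `JWT_SIGNING_SECRET` environment variable.

```java
import java.nio.charset.StandardCharsets;

import org.pac4j.core.client.Clients;
import org.pac4j.core.config.Config;
import org.pac4j.http.client.direct.HeaderClient;
import org.pac4j.jwt.config.signature.SecretSignatureConfiguration;
import org.pac4j.jwt.credentials.authenticator.JwtAuthenticator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class Pac4jConfig {

    @Bean
    public Config config() {
        // Assumption: tokens are HMAC-signed with a shared secret.
        // JWT_SIGNING_SECRET is a hypothetical variable name.
        final String secret = System.getenv("JWT_SIGNING_SECRET");
        if (secret == null || secret.getBytes(StandardCharsets.UTF_8).length < 32) {
            // HS256 needs a key of at least 256 bits; fail at startup, not per request.
            throw new IllegalStateException("JWT_SIGNING_SECRET must be set to at least 32 bytes");
        }

        // The authenticator verifies the token signature before a profile is built.
        // Tokens signed by an OpenID Connect provider with an asymmetric key need the
        // matching configuration (for example RSASignatureConfiguration) instead.
        final JwtAuthenticator jwtAuthenticator = new JwtAuthenticator();
        jwtAuthenticator.addSignatureConfiguration(new SecretSignatureConfiguration(secret));

        // Direct client: reads "Authorization: Bearer <jwt>" on every request,
        // strips the prefix and hands the token to the authenticator.
        final HeaderClient headerClient =
                new HeaderClient("Authorization", "Bearer ", jwtAuthenticator);

        // The client keeps its default name, "HeaderClient", which is the name
        // to reference when protecting the REST paths.
        return new Config(new Clients(headerClient));
    }
}
```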

