Inject tenant_id from JWT  #94

@enriquezrene

All requests to the API are receiving a JWT using the Authorization header as follows:

Authorization: Bearer {{JWT}}

If an incoming request does not include this token, the request should not be processed. The API should not validate this JWT since it is going to be validated in API management; the API only cares whether the header is present or not.

If the token is not present, a 401 response should be returned.

If the token is present, we need to decode it and get the tenant_id from it, which is located in the iss field:

"iss": "https://securityioet.b2clogin.com/b21c4e98-c4bf-420f-9d76-e51c2515c7a4/v2.0/"

We need to extract the value before /v2.0/, in this case:

b21c4e98-c4bf-420f-9d76-e51c2515c7a4

This value needs to be used as tenant_id to perform all the operations in the API.
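
One way to implement the extraction described above, as an added example that is not part of the original issue or the project's code. It decodes the payload without verifying the signature, since the issue leaves validation to API management, so it is only sound when the API is reachable solely through that gateway; the names `Unauthorized` and `tenant_id_from_authorization` are hypothetical, and the GUID shape of the tenant id is an assumption taken from the sample `iss`.

```python
import base64
import json
import re

# Assumption: the tenant id is a GUID in the path segment just before /v2.0/,
# as in the issue's sample iss value.
_ISS_TENANT = re.compile(
    r"/([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})/v2\.0/?\Z"
)

class Unauthorized(Exception):
    """Hypothetical error type; the API layer would map it to a 401."""

def _decode_payload(token):
    parts = token.split(".")
    if len(parts) != 3:
        raise Unauthorized("token is not a three-part JWT")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        payload = json.loads(base64.urlsafe_b64decode(segment))
    except (ValueError, RecursionError) as exc:  # bad base64, bad JSON, deep nesting
        raise Unauthorized("payload is not base64url-encoded JSON") from exc
    if not isinstance(payload, dict):
        raise Unauthorized("payload is not a JSON object")
    return payload

def tenant_id_from_authorization(header):
    """Return the tenant_id found in the iss claim of a Bearer JWT."""
    # The signature is NOT verified here: the issue leaves validation to
    # API management, so this is only sound behind that gateway.
    if not header:
        raise Unauthorized("Authorization header missing")
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise Unauthorized("expected 'Bearer <token>'")
    iss = _decode_payload(token.strip()).get("iss")
    if not isinstance(iss, str):
        raise Unauthorized("iss claim missing")
    match = _ISS_TENANT.search(iss)
    if match is None:
        raise Unauthorized("iss carries no tenant id before /v2.0/")
    return match.group(1)

if __name__ == "__main__":
    # Constructed, unsigned token carrying the issue's sample iss value.
    iss = "https://securityioet.b2clogin.com/b21c4e98-c4bf-420f-9d76-e51c2515c7a4/v2.0/"
    body = base64.urlsafe_b64encode(json.dumps({"iss": iss}).encode()).decode().rstrip("=")
    print(tenant_id_from_authorization(f"Bearer e30.{body}.sig"))
```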

Labels

enhancement: New feature or request
security: Features related to authentication and authorization or any sort of security measure.
