User authentication is commonly handled by the customer portal via username and password. Authorization is the process of giving the user permission to access a specific resource or function.
JSON Web Token
JSON Web Token (JWT) is an open, industry-standard RFC 7519 method for representing claims securely between two parties and is the recommended way of adding authorization to your deployed DynaMaker application. The jwt.io website is a great resource when working with JWTs.
Creating a token
When the user has successfully logged in to your user portal, you can create a signed JWT for that user. We recommend using a well-maintained library to create the token.
// REQUIRED. Unique and persistent ID of the user.
// REQUIRED. Identifies the time at which the JWT was issued. A JSON numeric
// value representing the number of seconds from 1970-01-01T00:00:00Z UTC
// until the specified UTC date/time, ignoring leap seconds.
// REQUIRED. Identifies the expiration time on or after which the JWT MUST NOT
// be accepted for processing. A JSON numeric value representing the number
// of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC
// date/time, ignoring leap seconds.
// OPTIONAL. Read about the "role" claim in the following section.
// OPTIONAL. If you want to add other fields to your JWT, we recommend
// wrapping them in an object with the property name "custom", to avoid any
// potential conflicts with DynaMaker fields.
"name": "Jane Doe",
We use the "role" claim to assign an application-level role to the user.
The "user" role enables saving and loading of configurations within the deployed application.
The "manager" role gives access to other users' saved configurations within the deployed application.
Signing the token
The JWT must be signed with HS256 (HMAC with SHA-256). It is a symmetric algorithm, which means that there is a single secret key shared between the two parties. Since the same key is used both to generate the signature and to validate it, care must be taken to ensure that the key is not compromised. You can create a secret from the settings modal in your app dashboard.
"iat": 1516239022, // Thu Jan 18 2018 02:30:22 GMT+0100
"exp": 1516325422 // Fri Jan 19 2018 02:30:22 GMT+0100
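As an added example (not DynaMaker's code and not part of the original page), this is what an HS256 library does when it signs and checks a token carrying the claims described above, using only Node's built-in crypto module. The "sub" claim name for the user ID follows RFC 7519 and is an assumption, as are the function names and the constructed secret; in a real portal, use a well-maintained library as recommended above.

```javascript
// Added example: HS256 signing and verification with Node's built-in crypto.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (secret, input) =>
  crypto.createHmac('sha256', secret).update(input).digest();

// token = base64url(header) . base64url(payload) . base64url(HMAC-SHA256)
function signHS256(claims, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const input = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(hmac(secret, input))}`;
}

// Returns the claims, or throws. nowSec is injectable so the check is testable.
function verifyHS256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Check the signature first, in constant time, before parsing anything.
  const expected = hmac(secret, `${h}.${p}`);
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  // Pin the algorithm: the verifier decides it, never the token header.
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (!Number.isInteger(claims.iat) || !Number.isInteger(claims.exp)) {
    throw new Error('missing iat/exp');
  }
  if (nowSec >= claims.exp) throw new Error('token expired');
  return claims;
}

// Constructed sample values; "sub" as the user-ID claim name is an assumption.
const SECRET = 'constructed-demo-secret-not-a-real-key';
const sampleClaims = {
  sub: 'user-123',
  iat: 1516239022,
  exp: 1516325422,
  role: 'user',
  custom: { name: 'Jane Doe' },
};
const sampleToken = signHS256(sampleClaims, SECRET);
```

Because the signature covers the header and payload, a token whose "role" was edited after signing fails verification, and a token presented at or after "exp" is rejected even when the signature is valid.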
Using a token
To send the signed token to DynaMaker, include it as the URL parameter