User Authentication and Authorization
User authentication is commonly handled by the customer portal via username and password. Authorization is the process of giving the user permission to access a specific resource or function.
If you do not already have a way of authenticating your users, you can enable the Auth0 Plugin to use Auth0 together with DynaMaker.
JSON Web Token
JSON Web Token (JWT) is an open, industry-standard RFC 7519 method for representing claims securely between two parties and is the recommended way of adding authorization to your deployed DynaMaker application. The jwt.io website is a great resource when working with JWTs.
Creating a token
When the user has successfully logged in to your user portal, you can create a signed JWT for that user. We recommend using a well-maintained library to create the token.
// REQUIRED. Unique and persistent ID of the user.
// REQUIRED. Identifies the time at which the JWT was issued. A JSON numeric
// value representing the number of seconds from 1970-01-01T00:00:00Z UTC
// until the specified UTC date/time, ignoring leap seconds.
// REQUIRED. Identifies the expiration time on or after which the JWT MUST NOT
// be accepted for processing. A JSON numeric value representing the number
// of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC
// date/time, ignoring leap seconds.
// OPTIONAL. Any other fields that you want to use.
"name": "Jane Doe",
"roles": ["manager", "my-custom-role"]
We use the roles claim to assign application-level roles to the user. Currently, manager is the only role used by DynaMaker. When the user has the manager role, they have access to other users' saved configurations within the
Signing the token
The JWT must be signed with HS256 (HMAC with SHA-256). It is a symmetric algorithm, which means that there is only one secret key, shared between the two parties, and it must be kept secret. Since the same key is used both to generate the signature and to validate it, anyone who obtains the key can create valid tokens, so care must be taken to ensure that the key is not compromised. You can create a secret from the settings modal in your app dashboard.
"iat": 1516239022, // Thu Jan 18 2018 02:30:22 GMT+0100
"exp": 1516325422 // Fri Jan 19 2018 02:30:22 GMT+0100
Using a token
To send the signed token to DynaMaker, include it as the URL parameter
<iframe src="https://deployed.dynamaker.com/applications/<MY_PROJECT_ID>/?token=eyJhbGciOi..." />
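The token creation, HS256 signing and iframe URL described above, as an added example that is not DynaMaker's own code: it uses only Node's built-in crypto module to show the token structure and the checks the verifying side applies, whereas production code would use a maintained JWT library as recommended above. Assumptions: the `sub` claim name for the user ID (the RFC 7519 subject claim; the page does not show the key), the helper names, and the constructed secret and user values.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (text) => Buffer.from(text).toString("base64url");
const hmac = (signingInput, secret) =>
  createHmac("sha256", secret).update(signingInput).digest();

// Build a signed token for a logged-in user.
// ASSUMPTION: "sub" carries the user ID; the claim name is not shown on the page.
function createToken({ userId, name, roles }, secret, nowSeconds, ttlSeconds) {
  const header = { alg: "HS256", typ: "JWT" };
  const payload = { sub: userId, iat: nowSeconds, exp: nowSeconds + ttlSeconds, name, roles };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${hmac(signingInput, secret).toString("base64url")}`;
}

// Verify with the same shared secret: check the MAC in constant time,
// pin the algorithm to HS256, and reject tokens at or past "exp".
function verifyToken(token, secret, nowSeconds) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  const payload = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  if (typeof payload.exp !== "number" || nowSeconds >= payload.exp) {
    throw new Error("token expired");
  }
  return payload;
}

// URL for the iframe src; the project ID stays a placeholder.
function embedUrl(projectId, token) {
  return `https://deployed.dynamaker.com/applications/${projectId}/?token=${encodeURIComponent(token)}`;
}

// Constructed sample values; a real secret comes from the app dashboard settings.
const demoToken = createToken(
  { userId: "user-123", name: "Jane Doe", roles: ["manager", "my-custom-role"] },
  "constructed-demo-secret", 1516239022, 86400);
console.log(embedUrl("<MY_PROJECT_ID>", demoToken));
```

Keep the secret and the call to `createToken` on your server; the browser should only ever receive the finished token.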