Introduction

JSON Web Token Authentication plugin enables passing of authentication payload in the form of JSON web token to Joget for authentication.

Plugin source code available at https://github.com/jogetoss/json-web-token-authentication

This plugin has been tested to work with Google and OKTA with the use of https://github.com/oauth2-proxy/oauth2-proxy.

Demo with Google and OAuth2-Proxy

Configure and Start oauth2-proxy on Docker

1. Obtain Cookie Secret - To generate cookie-secret, please refer to Overview | OAuth2 Proxy (oauth2-proxy.github.io)
2. Obtain Client ID & Client Secret - Obtain OAuth 2.0 credentials from the Google API Console https://developers.google.com/identity/protocols/oauth2#basicsteps
   

   docker run -p 4180:4180 quay.io/oauth2-proxy/oauth2-proxy:latest \
                --http-address=0.0.0.0:4180 \
                --email-domain=* \
                --cookie-secure=false \
                 --cookie-secret=CookieSecret \
                 --upstream= http://host.docker.internal:8080/ \
                --provider=google \    
                 --client-id=ClientID \
                 --client-secret=ClientSecret \
                --pass-authorization-header=true \
                --pass-access-token=true \
                 --pass-basic-auth=true

   
   

3. After authentication from the provider (i.e. Google), oauth2-proxy will forward all authenticated requests to the upstream server, here is http://127.0.0.1:4180/ which will redirect to the tomcat default page so you need to modify the index.jsp in (tomcat/webapps/ROOT/index.jsp) to turn it to the plugin web service in order to do the login. Replace the page with

   <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
   <html>
   <head>
       <title>JSP Redirect</title>
       </head>
       <body>
          <%
             String redirectURL = "http://127.0.0.1:4180/jw/web/json/plugin/org.joget.plugin.marketplace.JsonWebTokenDirectoryManager/service";
             response.sendRedirect(redirectURL);
           %>
       </body>
   </html>

4. Start Tomcat.
5. After JOGET started, import the plugin then go to Directory Manager Settings and select the plugin `JSON Web Token Directory Manager - 7.0.0`
6. Configure the plugin as below and submit. Remember to turn on the debug mode for troubleshooting purposes.
   
   
7. Now you can go to the login page to sign in with oauth2-proxy by navigating to http://localhost:4180/jw, and click on Sign in with Google.