
Hi experts,

I have a use case that requires that I post some data to an external system for verification. The user will require some manual input to complete the verification, so they are redirected to the external system. On completion, the user will be redirected back with some data which our Joget app requires to continue.

Whilst I can use a hidden HTML page in the userview menu to post the data as a form and redirect the user to the external system, when the external system redirects back to my specified URL, I get a CSRF error and the returned JSON data is lost.

1) If I use the Json Post tool to post the data, how can I redirect the user to the external site?

2) How long will the Json Post tool wait for a response before timing out, as the external system gives 15-20 minutes to complete the verification before cancelling the request?

3) If I direct the external system to the Json Form Data store Api, how can I redirect the user back to the app?

4) For options 1 and 3, where can I find an audit log of things done via the Json Post tool or the Json API?

What other options do I have?

Thanks in advance


    1 answer

    1.  

      Hi, the JSON tool did not redirect the user. It just posts the data on the backend server side. I think your initial method is correct; you will just need to get the CSRF token to post from the external system. As far as I know, you can get the CSRF token by posting to "jw/csrf" with the header "FETCH-CSRF-TOKEN" equal to "1".

      1. Chiek

        Thanks panda. I got the CSRF token following your suggestion, but I found that it's useless without the jsessionid, and I'm not sure it would be wise to send the two in the URL. I tried using the Json Form Data store Api, but it needs authentication and admin role. I think sending such credentials to a third party is a worse situation to be in. Any other suggestions for how we can get this third-party data posted into Joget as an anonymous user without hitting the CSRF or jsessionid brick wall?

      2. Chiek

        *solved* I was using Postman to test the app and forgot that Postman will have a different jsessionid. Once I duplicated this on Postman, no more CSRF error.

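The behaviour reported in the last comment, as an added example that is not part of the original thread and is not Joget's code: a minimal model of a session-bound CSRF token, assuming the server stores one token per session and checks the presented token against the caller's own session. The class and function names are hypothetical.

```python
import hmac
import secrets


class SessionCsrfStore:
    """Toy model of a per-session synchronizer token (assumption, not Joget's code)."""

    def __init__(self):
        self._tokens = {}  # session id -> CSRF token issued for that session

    def new_session(self):
        # The session id stands in for the jsessionid cookie.
        sid = secrets.token_hex(16)
        self._tokens[sid] = secrets.token_urlsafe(32)
        return sid

    def fetch_token(self, session_id):
        # Models the token fetch from the answer: the caller gets the
        # token that belongs to the session it presented.
        return self._tokens[session_id]

    def verify(self, session_id, presented_token):
        # A request passes only if its token matches the one stored for
        # the session that sent it. Constant-time comparison.
        expected = self._tokens.get(session_id)
        if expected is None or presented_token is None:
            return False
        return hmac.compare_digest(expected, presented_token)


def simulate():
    store = SessionCsrfStore()
    browser = store.new_session()   # the user's browser session
    postman = store.new_session()   # a separate client, so a separate session
    token = store.fetch_token(browser)
    return {
        "same_session": store.verify(browser, token),     # token + its own session
        "other_session": store.verify(postman, token),    # token replayed elsewhere
        "unknown_session": store.verify("none", token),   # no session at all
        "missing_token": store.verify(browser, None),     # session without token
    }


if __name__ == "__main__":
    for case, accepted in simulate().items():
        print(f"{case}: {'accepted' if accepted else 'rejected (CSRF error)'}")
```
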