Token
TOKEN BASED AUTHENTICATION
Topal uses a Token based Authentication for accessing Data via REST API on the Topal Server.
A token is a piece of data that has no meaning or use on its own, but combined with the correct tokenization system, becomes a vital player in
securing your application. Token based authentication works by ensuring that each request to a server is accompanied by a signed token which
the server verifies for authenticity and only then responds to the request.
WHY USE TOKENS
The use of tokens has many benefits compared to traditional methods such as cookies.
Tokens are stateless.
The token is self-contained and contains all the information it needs for authentication. This is great for scalability as it frees your server from having to
store session state.
Tokens can be generated from anywhere.
Token generation is decoupled from token verification, allowing you the option to handle the signing of tokens on a separate server or even through a
different company such as Auth0.
Fine-grained access control.
Within the token payload you can easily specify user roles and permissions as well as resources that the user can access.
These are just some of the benefits JSON Web Tokens provide.
ANATOMY OF A JSON WEB TOKEN
A JSON Web Token consists of three parts: Header, Payload and Signature. The header and payload are Base64 encoded, then concatenated by a period, finally
the result is algorithmically signed producing a token in the form of header.claims.signature. The header consists of metadata including the type of token and the
hashing algorithm used to sign the token. The payload contains the claims data that the token is encoding.
A Token in Topal looks as follows:
Bearer AQAAANCMnd8BFdERjHoAwE_Cl-sBAAAAfWB4PhLmQEqGkufCa0wIIAAAAAACAAAAAAADZgAAwAAAABAAAAAkrNa6ruc0ie13yThGJze5AAAAAASAAACgAAAAEAAAAGUX
ljO83iG5HGZyOTKZi75QAQAAS9nzstWtkiP1sFHTMx7fF9bLHH7qBse_yDnFcTv8VJUg4Im98MPMSej4GRXOhTtGEtQDhrt0EmMmu9kP2q0ABiJU2dHX6ACJv-dLLCmfwaY5ZRSOOplh
HZ9P8EqI_jNm4rtNcnZsUo1LGECJs9x-w0l927mOIaLCs7h0EIsozZm69qyOK7OtNPzp0-yUq57Mqhj598uMzXeTzwDMBkePvFwEVDhbbpwFk94UaaS5_A5U5jiRgoMT8ebNmftKjrDa
MDPI0FjSUhDLmoyqmpmXCllmg07ScZGf1lOIFGq_AR3sS9osRavy6fmo_RNxNySp-g82rwzPzQiWdIqEctMdY-RbOkzdSjQ20-E63qsCKzTkqj6M0qW4Aumk6KEPTwIukPb1hXQ91yC
Xb87NlCwGW5EM5ubUgM5f4FQvdpWR1JlFEKTKGfd7MW-_-N4SlkwLFAAAAF9DAmu0ym_brsE22DmATG4aatE7
// 'httpclient' is an HttpClient whose BaseAddress points at the Topal server;
// 'token' is a string field of the enclosing class.
private string getToken(FormUrlEncodedContent loginContent)
{
    // POST the form-encoded login parameters to the Token endpoint
    var response = httpclient.PostAsync("Token", loginContent).Result;
    if (response.StatusCode == HttpStatusCode.OK)
    {
        var tokenResponse = response.Content.ReadAsStringAsync().Result;
        // The JSON body carries the token in the "access_token" field
        dynamic accessToken = JsonConvert.DeserializeObject(tokenResponse);
        token = accessToken.access_token;
    }
    else
    {
        token = "";
    }
    return token;
}
# Method of the API client class (requires "import requests" and the Configuration class at module level)
def __getToken(self):
    # Build the Token endpoint URL from the configured host and API version
    host = Configuration().host
    url = '{0}{1}Token'.format(host, Configuration().api_version)
    payload = {'grant_type': 'password',
               'username': Configuration().username,
               'password': Configuration().password,
               'localization': Configuration().localization,  # 'de', 'en', 'fr'
               'keep_alive': Configuration().keep_alive  # false = 30min. ; true = 24h expiration of token
               }
    try:
        response = requests.post(url, data=payload, headers={'Content-Type': 'text/plain'})
        if response.status_code == 200:
            token = response.json()
            # Value for the Authorization header on later requests: "<token_type> <access_token>"
            bearer_token = token['token_type'] + ' ' + token['access_token']
        else:
            bearer_token = None
    except Exception as err:
        print("Error: {0}".format(err))
        bearer_token = None
    return bearer_token
Retrieve Token with Postman
Postman is an API Client, which allows you to contact a server with API endpoints that you want to reach and perform some action. Those actions are HTTP methods.
Instead of testing your APIs through a command line or terminal, we offer an intuitive graphical interface that is quick to learn and rewarding to master.
The most common methods are GET, POST, PUT, and DELETE. The names of the methods are self-explanatory.
Postman request to retrieve a Token
Postman download Link:
It is required to provide a loginContent in order to retrieve a token. The FormUrlEncodedContent class is used for that purpose. FormUrlEncodedContent
is a container for name/value tuples encoded using the application/x-www-form-urlencoded MIME type. Find below an example of how to provide the login parameters.
// All Configuration values used here are expected to be strings (e.g. "true"/"false" for useSSL and keep_alive)
class Credentials
{
    public List<KeyValuePair<string, string>> loginParameters { get; set; }

    public Credentials()
    {
        var loginParams = new List<KeyValuePair<string, string>>
        {
            new KeyValuePair<string, string>("grant_type", "password"),
            new KeyValuePair<string, string>("username", Configuration.username),
            new KeyValuePair<string, string>("password", Configuration.password),
            new KeyValuePair<string, string>("server", Configuration.Server),
            new KeyValuePair<string, string>("useSSL", Configuration.useSSL),
            new KeyValuePair<string, string>("localization", Configuration.localization),
            new KeyValuePair<string, string>("keep_alive", Configuration.keep_alive),
        };
        this.loginParameters = loginParams;
    }

    public Credentials defaultCredentials()
    {
        return new Credentials();
    }
}
payload = {'grant_type': 'password',
           'username': Configuration().username,
           'password': Configuration().password,
           'localization': Configuration().localization,  # 'de', 'en', 'fr'
           'keep_alive': Configuration().keep_alive  # false = 30min. ; true = 24h expiration of token
           }
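As an added example of the whole token flow on this page (not code from Topal or from this page), the Python below builds the same login payload, posts it to the Token endpoint, turns the token_type and access_token of the response into the Authorization header, and refreshes the token shortly before the 30 minute or 24 hour lifetime that keep_alive selects, or once more if the server answers 401. The CONFIG dictionary, the host and api_version values, the TopalTokenClient class and the StubTopalServer are all assumptions constructed here so the code runs offline; requests_transport is the production transport to pass instead of the stub.

```python
import time
from typing import Callable, Dict, Optional, Tuple

# Hypothetical stand-in for the Configuration() object used on this page; every value is constructed.
CONFIG: Dict[str, object] = {
    "host": "https://topal-server.example.invalid/",  # placeholder, not a real Topal host
    "api_version": "api/v1/",                         # assumed path prefix before 'Token'
    "username": "demo-user",
    "password": "demo-password",
    "localization": "en",
    "keep_alive": False,
}

# Lifetimes as the page states them: keep_alive false -> 30 minutes, true -> 24 hours.
TOKEN_LIFETIME_SECONDS = {False: 30 * 60, True: 24 * 60 * 60}
REFRESH_MARGIN_SECONDS = 60

# A transport is any callable (method, url, form_data, headers) -> (status_code, json_body).
Transport = Callable[[str, str, Optional[dict], dict], Tuple[int, dict]]


def build_login_payload(config: dict) -> dict:
    """The same parameter set the page's C# and Python snippets send to the Token endpoint."""
    return {
        "grant_type": "password",
        "username": config["username"],
        "password": config["password"],
        "localization": config["localization"],
        "keep_alive": config["keep_alive"],
    }


def requests_transport(method: str, url: str, data: Optional[dict], headers: dict) -> Tuple[int, dict]:
    """Production transport built on the requests library (imported lazily so the demo runs without it)."""
    import requests
    response = requests.request(method, url, data=data, headers=headers, timeout=30)
    body = response.json() if response.content else {}
    return response.status_code, body


class TopalTokenClient:
    """Obtains a Bearer token, caches it, and refreshes it before expiry or after a 401."""

    def __init__(self, config: dict, transport: Transport, clock: Callable[[], float] = time.time):
        self._config = config
        self._transport = transport
        self._clock = clock
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def _fetch_token(self) -> None:
        cfg = self._config
        url = f"{cfg['host']}{cfg['api_version']}Token"
        status, body = self._transport("POST", url, build_login_payload(cfg), {"Content-Type": "text/plain"})
        if status != 200:
            # Do not fall back to an empty token; fail loudly so a misconfiguration is noticed.
            raise PermissionError(f"Token endpoint returned HTTP {status}")
        self._token = f"{body['token_type']} {body['access_token']}"
        lifetime = TOKEN_LIFETIME_SECONDS[bool(cfg["keep_alive"])]
        self._expires_at = self._clock() + lifetime - REFRESH_MARGIN_SECONDS

    def authorization_header(self) -> dict:
        if self._token is None or self._clock() >= self._expires_at:
            self._fetch_token()
        return {"Authorization": self._token}

    def get(self, path: str) -> Tuple[int, dict]:
        url = f"{self._config['host']}{self._config['api_version']}{path}"
        status, body = self._transport("GET", url, None, self.authorization_header())
        if status == 401:
            # The server no longer accepts the token (expired or invalidated server-side): refresh once and retry.
            self._fetch_token()
            status, body = self._transport("GET", url, None, self.authorization_header())
        return status, body


class StubTopalServer:
    """Constructed offline stand-in for the Token endpoint and one data endpoint."""

    def __init__(self, password: str):
        self._password = password
        self.tokens_issued = 0

    def __call__(self, method: str, url: str, data: Optional[dict], headers: dict) -> Tuple[int, dict]:
        if method == "POST" and url.endswith("Token"):
            if data is None or data.get("grant_type") != "password" or data.get("password") != self._password:
                return 400, {"error": "invalid_grant"}
            self.tokens_issued += 1
            return 200, {"token_type": "Bearer", "access_token": f"constructed-token-{self.tokens_issued}"}
        # Only the most recently issued token is accepted, like a server that invalidates older ones.
        if headers.get("Authorization") != f"Bearer constructed-token-{self.tokens_issued}":
            return 401, {"error": "invalid_token"}
        return 200, {"path": url.rsplit("/", 1)[-1], "items": ["constructed record"]}


if __name__ == "__main__":
    server = StubTopalServer(password=str(CONFIG["password"]))
    client = TopalTokenClient(CONFIG, server)
    print(client.get("Clients"))
```

The client refreshes a minute before the lifetime ends rather than waiting for a 401, so a long-running integration never sends a request with a token that is about to expire; the 401 path remains as a second line of defence for tokens the server drops early.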