JWT Token Allocation

Accelerator REST API v3 uses JSON Web Tokens (JWTs) as the access tokens for REST requests. The client allocates a JWT access token by sending an HTTP POST request, containing a matching Linux username and password, to an implementation-defined REST URL. The server verifies that the username and password match and returns the JWT access token to the client.

The authorize() method in the VOVRest Python module is the most convenient way to authorize, and it handles JWTs automatically. It is used in the later examples in this tutorial. The getToken.py module that follows shows the low-level interface to JWT allocation. This module must be provided alongside the first few working Python code examples shown in this tutorial.

getToken.py

# JWT Token utilities

import sys

import requests

#
# Function getJWT()
#
# Arguments
#
#       url       - A URL for a VOV project
#       username  - user name for authentication
#       password  - password for authentication
#
# Returns the string "<token_type>:<access_token>".
#
def getJWT(url, username, password):
    # Reduce the project URL to scheme://host:port and append the token path.
    scheme = url.split(":")[0]
    hostport = url.split("/")[2]
    baseUrl = "{0}://{1}".format(scheme, hostport)
    tokenUrl = baseUrl + "/api/v3/token"
    # The password is sent in the POST body, so an https URL keeps it encrypted in transit.
    myauth = {'username': username, 'password': password}
    r = requests.post(tokenUrl, data=myauth, timeout=30)
    if r.status_code >= 300:
        print("JWT Error code %d" % r.status_code, file=sys.stderr)
        try:
            body = r.json()
        except ValueError:
            # The error response did not carry a JSON body.
            body = {}
        print("          returned status: ", body, file=sys.stderr)
        print("          error message : %s" % body.get('error'), file=sys.stderr)
        sys.exit(1)
    token = r.json()
    jwtToken = token['token_type'] + ":" + token['access_token']
    return jwtToken

#
# Function getMyPassword()
#
# This example function simply prompts the user to type the account password.
# getpass does not echo the typed characters to the terminal.
#
def getMyPassword():
    import getpass
    return getpass.getpass('Password:')

The getToken.py module also contains a placeholder password prompt function, getMyPassword(). In practice, the handling of user passwords and JWT tokens is up to the REST application developers, in accordance with their own best practices for handling and storing security-sensitive information. If the REST application runs for many hours, new JWT tokens will need to be allocated and authenticated after the previous ones expire. The application must have a way to supply the password each time a JWT token is authenticated. Additional methods for renewing or allocating JWT tokens are being considered for future Accelerator software releases.
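One way a long-running client can decide when to re-allocate a token, shown as an added example that is not part of the Accelerator documentation or the VOVRest module. It assumes the access token is a standard three-part JWT carrying an `exp` claim; the names `jwt_expiry`, `TokenCache` and `make_sample_token`, and the `Bearer` token type in the sample, are hypothetical.

```python
import base64
import json
import time


def jwt_expiry(jwt_token):
    """Return the 'exp' claim (Unix seconds) of a getJWT()-style string, or None.

    The payload is decoded without verifying the signature. That is acceptable
    only for scheduling renewal on the client; the server stays the authority.
    """
    # getJWT() returns "<token_type>:<access_token>"; keep only the JWT part.
    access_token = jwt_token.split(":", 1)[-1]
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("exp")


class TokenCache:
    """Keep one token in memory and re-allocate it shortly before it expires."""

    def __init__(self, fetch, skew=60, clock=time.time):
        self._fetch = fetch   # callable returning a fresh getJWT()-style string
        self._skew = skew     # renew this many seconds before 'exp'
        self._clock = clock
        self._token = None
        self._exp = 0

    def get(self):
        if self._token is None or self._clock() >= self._exp - self._skew:
            self._token = self._fetch()
            exp = jwt_expiry(self._token)
            # Without an 'exp' claim the token is treated as stale on every call.
            self._exp = exp if exp is not None else 0
        return self._token


def make_sample_token(exp):
    """Constructed sample in the getJWT() return format (placeholder signature)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return "Bearer:" + ".".join([enc({"alg": "HS256"}), enc({"exp": exp}), "sig"])
```

With the module above, the cache would be built as `TokenCache(lambda: getJWT(url, username, getMyPassword()))`, so the password is prompted for at each renewal and never kept in the cache.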