Wiki source code of Anonymisation des Urls

Last modified by Aurelie Bertrand on 2026/06/22 14:13

1 {{toc/}}
2
3 ----
4
5 This document describes how to authenticate automatically within the various DigDash Enterprise modules (dashboards, configuration pages) without using the **‘pass’** parameter.
6
7 (% class="wikigeneratedid" id="HAuthentificationviaunjetonAuthToken" %)
8 The principle is that, once authenticated, you request a token; when used, this token creates a new session based on the session that requested it.
9 This token enables an automatic session to be created without having to specify the user’s password.
10
11 (% class="box infomessage" %)
12 (((
13 **ℹ** A token expires automatically **5 minutes** after it is created.
14
15 Once used by a browser, the token is ‘reserved’ for that browser. It can then be reused several times by the same browser (to display multiple iframes simultaneously), but will be rejected if used elsewhere.
16 )))
17
18 = Requesting an AuthToken =
19
20 There are three different ways to authenticate when requesting a token.
21
22 * **Logged in with username and password:**
23 The token request is made via a web service with a URL in the following format:
24 [[http:~~/~~/localhost:8080/ddenterpriseapi/DDEnterpriseServlet?user=admin&pass=admin&method=newAuthToken>>http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?user=admin&pass=admin&method=newAuthToken]]
25
26 (% class="box warningmessage" %)
27 (((
28 ⚠ The password must be correctly encoded for the URL to work.
29 )))
30
31 * **Using basic authentication:**(((
32 Using curl with the -u option: curl prompts for the password when the command is run.
33
34 {{code}}
35 curl -u <user> "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthToken"
36 {{/code}}
37
38 By specifying the header yourself: the request takes the following form:
39
40 {{code}}
41 curl -H 'Authorization: Basic <base64(user:pass)>' "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthToken"
42 {{/code}}
43 )))
44
45 * **Using a JWT token:**(((
46 The token is requested via an HTTP request. The JWT (JSON Web Token) is specified in the HTTP header for authentication.
47 This JWT is generated via the DigDash REST API without a defined target user (targetUser). See the section [[Creating a JWT token>>doc:Digdash.API.DD_API.WebHome||anchor="JWT"]] for further details.
48 The request takes the following form (example using a curl request):
49
50 {{code language="bash"}}
51 curl -H "Authorization: Bearer <JWT>" "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthToken"
52 {{/code}}
53
54 where //**<JWT>**// should be replaced with the JWT token obtained previously.
55 )))
56 * (((
57 **Using an API key:**
58 The token is requested via an HTTP request. The API key is specified in the HTTP header for authentication.
59 This API key is generated via the DigDash REST API without a defined target user (targetUser). See the section [[Creating an API key>>doc:Digdash.API.DD_API.WebHome||anchor="API"]] for further details.
60 The request takes the following form (example using a curl request):
61
62 {{code language="bash"}}
63 curl -H "X-API-KEY: <apikey>" "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthToken"
64 {{/code}}
65
66 where //**<apikey>**// should be replaced with the API key obtained previously.
67 )))
68
69 The **method=newAuthToken** parameter makes the response to the URL or request return the newly generated AuthToken.
70
71 = Using the AuthToken in a URL =
72
73 Once you have retrieved the AuthToken, you can use it in a URL to create an automatic session without needing to provide authentication details.
74
75 For example, for a dashboard, it would be used as follows:
76 [[http:~~/~~/localhost:8080/digdash_dashboard/index.html?user=admin&authToken=token>>http://localhost:8080/digdash_dashboard/index.html?user=admin&authToken=token]]
77 The **authToken** parameter must be set to the token retrieved in the previous step.
78
79 = Advanced: Identity borrowing =
80
81 The API’s **newAuthToken** method returns a token for the current session and the current user. You must therefore have a session for that user in order to call this method and use its result in a URL.
82
83 In some cases, this is a constraint, and it is useful to be able to log in as another (target) user using a source user’s credentials. The **newAuthTokenAs** method is available for this; it takes an additional **userId** parameter.
84
85 The following prerequisites are required to use this method:
86
87 * The property **PROP_NEWAUTHTOKENAS** must be set to **true** in **system.xml**
88 * The source user must have the **Admin > Allow impersonation** authorisation.
89
90 Once these prerequisites have been met, proceed as follows depending on the authentication method used:
91
92 * **Logged in with username and password:**
93 The target user must be specified in the URL when requesting the token in the following format:
94 [[http:~~/~~/localhost:8080/ddenterpriseapi/DDEnterpriseServlet?user=admin&pass=admin&method=newAuthTokenAs&userId=utilisateurCible>>http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?user=admin&pass=admin&method=newAuthTokenAs&userId=utilisateurCible]]
95
96 * **Via basic authentication:**(((
97 Using curl with the -u option: curl prompts for the password when the command is run.
98
99 {{code}}
100 curl -u <user> "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthTokenAs&userId=utilisateurCible"
101
102 {{/code}}
103
104 By specifying the header yourself: the request takes the following form (example using a curl request):
105
106 {{code}}
107 curl -H 'Authorization: Basic <base64(user:pass)>' "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthTokenAs&userId=utilisateurCible"
108 {{/code}}
109 )))
110 * **Via a JWT token:**
111 This JWT token is generated via the DigDash REST API without a defined target user (targetUser). See the section [[Creating a JWT token>>doc:Digdash.API.DD_API.WebHome||anchor="JWT"]] for further details.(((
112 The request takes the following form (example using a curl request):
113
114 {{code language="bash"}}
115 curl -H "Authorization: Bearer <JWT>" "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthTokenAs&userId=utilisateurCible"
116 {{/code}}
117
118 where //**<JWT>**// should be replaced with the JWT token obtained previously.
119 )))
120 * (((
121 **Using an API key:**
122 This API key is generated via the DigDash REST API without a defined target user (targetUser). See the section [[Create an API key>>doc:Digdash.API.DD_API.WebHome||anchor="API"]] for further details.
123 The request takes the following form (example using a curl request):
124
125 {{code language="bash"}}
126 curl -H "X-API-KEY: <apikey>" "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthTokenAs&userId=utilisateurCible"
127
128 {{/code}}
129
130 where //**<apikey>**// should be replaced with the API key obtained previously.
131 )))
132
133 The **method=newAuthTokenAs** parameter makes the response to the URL or request return the newly generated AuthToken.
134
135 You can then use the token in a URL to create an automatic session without authentication details.
136 For example, for a dashboard, in the following format:
137 [[http:~~/~~/localhost:8080/digdash_dashboard/index.html?user=utilisateurCible&authToken=token>>http://localhost:8080/digdash_dashboard/index.html?user=utilisateurCible&authToken=token]]
138 The **authToken** parameter must be set to the token retrieved in the previous step.
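
The request and URL formats described on this page, as an added Python example (not DigDash code): it builds the newAuthToken / newAuthTokenAs request for each header-based method, the user/pass URL with the password percent-encoded, and the dashboard URL. The function names are hypothetical, the sample values are constructed, and because this page does not describe the response format, the token is passed in by the caller after sending the request.

```python
import base64
import time
from urllib.parse import quote, urlencode
from urllib.request import Request

# URLs as given on this page; the helper names below are hypothetical.
API = "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet"
DASHBOARD = "http://localhost:8080/digdash_dashboard/index.html"
TOKEN_LIFETIME_S = 5 * 60  # a token expires 5 minutes after it is created


def _query(params):
    # Percent-encode every value so '&', '=', '#', '+' or spaces cannot split the URL.
    return urlencode(params, quote_via=quote)


def token_request(auth, target_user=None):
    """Build (without sending) a newAuthToken / newAuthTokenAs request.

    auth is ("basic", user, password), ("jwt", token) or ("apikey", key);
    the credential travels in a header, as in the curl examples.
    """
    params = {"method": "newAuthTokenAs" if target_user else "newAuthToken"}
    if target_user:
        params["userId"] = target_user
    if auth[0] == "basic":
        raw = f"{auth[1]}:{auth[2]}".encode("utf-8")
        headers = {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}
    elif auth[0] == "jwt":
        headers = {"Authorization": "Bearer " + auth[1]}
    elif auth[0] == "apikey":
        headers = {"X-API-KEY": auth[1]}
    else:
        raise ValueError(f"unknown auth kind: {auth[0]}")
    return Request(API + "?" + _query(params), headers=headers)


def password_url(user, password):
    """The user/pass URL form, with the password correctly encoded."""
    return API + "?" + _query({"user": user, "pass": password, "method": "newAuthToken"})


def dashboard_url(user, token, issued_at, now=None):
    """Dashboard URL for a token; issued_at is the caller's own timestamp."""
    now = time.time() if now is None else now
    if now - issued_at >= TOKEN_LIFETIME_S:
        raise ValueError("AuthToken older than 5 minutes; request a new one")
    return DASHBOARD + "?" + _query({"user": user, "authToken": token})
```

The object returned by `token_request` can be sent with `urllib.request.urlopen`; the age check in `dashboard_url` only mirrors the 5-minute expiry stated above on the caller's side.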