Wiki source code of Anonymisation des Urls
Last modified by Aurelie Bertrand on 2026/06/22 14:13
| author | version | line-number | content |
|---|---|---|---|
| 1 | {{toc/}} | ||
| 2 | |||
| 3 | ---- | ||
| 4 | |||
| 5 | This document describes how to authenticate automatically within the various DigDash Enterprise modules (dashboards, configuration pages) without using the **‘pass’** parameter. | ||
| 6 | |||
| 7 | (% class="wikigeneratedid" id="HAuthentificationviaunjetonAuthToken" %) | ||
| 8 | The principle is that, once authenticated, you request a token which, when used, creates a new session based on the session that requested it. | ||
| 9 | This token enables an automatic session to be created without having to specify the user’s password. | ||
| 10 | |||
| 11 | (% class="box infomessage" %) | ||
| 12 | ((( | ||
| 13 | **ℹ** A token expires automatically **5 minutes** after it is created. | ||
| 14 | |||
| 15 | Once used by a browser, the token is ‘reserved’ for that browser. It can then be reused several times by the same browser (to display multiple iframes simultaneously), but will be rejected if used elsewhere. | ||
| 16 | ))) | ||
| 17 | |||
| 18 | = Requesting an AuthToken = | ||
| 19 | |||
| 20 | There are three different ways to authenticate when requesting a token. | ||
| 21 | |||
| 22 | * **Logged in with username and password:** | ||
| 23 | The token request is made via a web service with a URL in the following format: | ||
| 24 | [[http:~~/~~/localhost:8080/ddenterpriseapi/DDEnterpriseServlet?user=admin&pass=admin&method=newAuthToken>>http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?user=admin&pass=admin&method=newAuthToken]] | ||
| 25 | |||
| 26 | (% class="box warningmessage" %) | ||
| 27 | ((( | ||
| 28 | ⚠ The password must be correctly encoded for the URL to work. | ||
| 29 | ))) | ||
| 30 | |||
| 31 | * **Using basic authentication:**((( | ||
| 32 | Using curl with the -u option: curl prompts for the password when the command is run. | ||
| 33 | |||
| 34 | {{code}} | ||
| 35 | curl -u <user> "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthToken" | ||
| 36 | {{/code}} | ||
| 37 | |||
| 38 | By specifying the header yourself: the request takes the following form: | ||
| 39 | |||
| 40 | {{code}} | ||
| 41 | curl -H 'Authorization: Basic <base64(user:pass)>' "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthToken" | ||
| 42 | {{/code}} | ||
| 43 | ))) | ||
| 44 | |||
| 45 | * **Using a JWT token:**((( | ||
| 46 | The token is requested with an HTTP request. The JWT (JSON Web Token) is passed in the HTTP header for authentication. | ||
| 47 | This JWT is generated via the DigDash REST API without a defined target user (targetUser). See the section [[Creating a JWT token>>doc:Digdash.API.DD_API.WebHome||anchor="JWT"]] for further details. | ||
| 48 | The request takes the following form (example using a curl request): | ||
| 49 | |||
| 50 | {{code language="bash"}} | ||
| 51 | curl -H "Authorization: Bearer <JWT>" "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthToken" | ||
| 52 | {{/code}} | ||
| 53 | |||
| 54 | where //**<JWT>**// should be replaced with the JWT token obtained previously. | ||
| 55 | ))) | ||
| 56 | * ((( | ||
| 57 | **Using an API key:** | ||
| 58 | The token is requested with an HTTP request. The API key is passed in the HTTP header for authentication. | ||
| 59 | This API key is generated via the DigDash REST API without a defined target user (targetUser). See the section [[Creating an API key>>doc:Digdash.API.DD_API.WebHome||anchor="API"]] for further details. | ||
| 60 | The request takes the following form (example using a curl request): | ||
| 61 | |||
| 62 | {{code language="bash"}} | ||
| 63 | curl -H "X-API-KEY: <apikey>" "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthToken" | ||
| 64 | {{/code}} | ||
| 65 | |||
| 66 | where //**<apikey>**// should be replaced with the API key obtained previously. | ||
| 67 | ))) | ||
| 68 | |||
| 69 | The **method=newAuthToken** parameter makes the URL or request return the newly generated AuthToken in its response. | ||
| 70 | |||
| 71 | = Using the AuthToken in a URL = | ||
| 72 | |||
| 73 | Once you have retrieved the AuthToken, you can use it in a URL to create an automatic session without needing to provide authentication details. | ||
| 74 | |||
| 75 | For example, for a dashboard, it would be used as follows: | ||
| 76 | [[http:~~/~~/localhost:8080/digdash_dashboard/index.html?user=admin&authToken=token>>http://localhost:8080/digdash_dashboard/index.html?user=admin&authToken=token]] | ||
| 77 | The **authToken** parameter **must** be set to the token retrieved in the previous step. | ||
| 78 | |||
| 79 | = Advanced: Identity borrowing = | ||
| 80 | |||
| 81 | The API’s **newAuthToken** method returns a token for the current session and the current user. You must therefore have a session for that user in order to call this method and use its result in a URL. | ||
| 82 | |||
| 83 | In some cases this is a constraint, and it is useful to be able to log in as another (target) user using a source user’s credentials. For this, the **newAuthTokenAs** method is available; it takes an additional **userId** parameter. | ||
| 84 | |||
| 85 | The following prerequisites are required to use this method: | ||
| 86 | |||
| 87 | * The system must have the property **PROP_NEWAUTHTOKENAS = true** in **system.xml** | ||
| 88 | * The source user must have the **Admin > Allow impersonation** authorisation. | ||
| 89 | |||
| 90 | Once these prerequisites have been met, proceed as follows depending on the authentication method used: | ||
| 91 | |||
| 92 | * **Logged in with username and password:** | ||
| 93 | The target user must be specified in the URL when requesting the token in the following format: | ||
| 94 | [[http:~~/~~/localhost:8080/ddenterpriseapi/DDEnterpriseServlet?user=admin&pass=admin&method=newAuthTokenAs&userId=utilisateurCible>>http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?user=admin&pass=admin&method=newAuthTokenAs&userId=utilisateurCible]] | ||
| 95 | |||
| 96 | * **Via basic authentication:**((( | ||
| 97 | Using curl with the -u option: curl prompts for the password when the command is run. | ||
| 98 | |||
| 99 | {{code}} | ||
| 100 | curl -u <user> "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthTokenAs&userId=utilisateurCible" | ||
| 101 | |||
| 102 | {{/code}} | ||
| 103 | |||
| 104 | By specifying the header yourself: the request takes the following form (example using a curl request): | ||
| 105 | |||
| 106 | {{code}} | ||
| 107 | curl -H 'Authorization: Basic <base64(user:pass)>' "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthTokenAs&userId=utilisateurCible" | ||
| 108 | {{/code}} | ||
| 109 | ))) | ||
| 110 | * **Via a JWT token:** | ||
| 111 | This JWT token is generated via the DigDash REST API without a defined target user (targetUser). See the section [[Creating a JWT token>>doc:Digdash.API.DD_API.WebHome||anchor="JWT"]] for further details.((( | ||
| 112 | The request takes the following form (example using a curl request): | ||
| 113 | |||
| 114 | {{code language="bash"}} | ||
| 115 | curl -H "Authorization: Bearer <JWT>" "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthTokenAs&userId=utilisateurCible" | ||
| 116 | {{/code}} | ||
| 117 | |||
| 118 | where //**<JWT>**// should be replaced with the JWT token obtained previously. | ||
| 119 | ))) | ||
| 120 | * ((( | ||
| 121 | **Using an API key:** | ||
| 122 | This API key is generated via the DigDash REST API without a defined target user (targetUser). See the section [[Creating an API key>>doc:Digdash.API.DD_API.WebHome||anchor="API"]] for further details. | ||
| 123 | The request takes the following form (example using a curl request): | ||
| 124 | |||
| 125 | {{code language="bash"}} | ||
| 126 | curl -H "X-API-KEY: <apikey>" "http://localhost:8080/ddenterpriseapi/DDEnterpriseServlet?method=newAuthTokenAs&userId=utilisateurCible" | ||
| 127 | |||
| 128 | {{/code}} | ||
| 129 | |||
| 130 | where //**<apikey>**// should be replaced with the API key obtained previously. | ||
| 131 | ))) | ||
| 132 | |||
| 133 | The **method=newAuthTokenAs** parameter makes the URL or request return the newly generated AuthToken in its response. | ||
| 134 | |||
| 135 | You can then use the token in a URL to create an automatic session without authentication details. | ||
| 136 | For example, for a dashboard, in the following format: | ||
| 137 | [[http:~~/~~/localhost:8080/digdash_dashboard/index.html?user=utilisateurCible&authToken=token>>http://localhost:8080/digdash_dashboard/index.html?user=utilisateurCible&authToken=token]] | ||
| 138 | The **authToken** parameter **must** be set to the token retrieved in the previous step. |
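
Added example (not DigDash's own code) covering both the newAuthToken and newAuthTokenAs sections above: a shell helper that requests the token with the API key in a header and then builds the dashboard URL with percent-encoded values. `DD_BASE`, the function names, and the assumption that the response body is the bare token are this example's, not the page's.

```shell
#!/bin/sh
# Added example, not DigDash code. DD_BASE and all function names are assumptions.
DD_BASE="${DD_BASE:-http://localhost:8080}"

# Percent-encode a value for a query string (bytes outside the RFC 3986
# unreserved set become %XX). Runs in a subshell so LC_ALL=C stays local.
urlencode() (
    LC_ALL=C; s=$1; out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}; s=$rest
        case $c in
            [A-Za-z0-9._~-]) out="$out$c" ;;
            *) out="$out$(printf '%s' "$c" | od -An -tx1 | tr -d '\n' |
                          tr -s ' ' '%' | tr 'a-f' 'A-F')" ;;
        esac
    done
    printf '%s' "$out"
)

# Token request URL: empty $1 -> newAuthToken; otherwise newAuthTokenAs for the
# target user $1 (requires PROP_NEWAUTHTOKENAS and the impersonation right).
token_request_url() {
    if [ -n "$1" ]; then
        printf '%s?method=newAuthTokenAs&userId=%s' \
            "$DD_BASE/ddenterpriseapi/DDEnterpriseServlet" "$(urlencode "$1")"
    else
        printf '%s?method=newAuthToken' "$DD_BASE/ddenterpriseapi/DDEnterpriseServlet"
    fi
}

# Request the token. The header is fed to curl on stdin (-H @-), so the key is
# neither in the URL nor in the process list. Assumption: the response body is
# the bare token; adapt the last line if your server wraps it.
request_token() {   # $1 = API key, $2 = optional target user
    tok=$(printf 'X-API-KEY: %s\n' "$1" |
          curl --silent --show-error --fail --max-time 10 -H @- \
               "$(token_request_url "$2")") || return 1
    printf '%s' "$tok" | tr -d '\r\n'
}

# Dashboard URL handed to the browser or iframe. The token expires 5 minutes
# after creation and is reserved for the first browser that uses it.
dashboard_url() {   # $1 = user the token was issued for, $2 = token
    printf '%s/digdash_dashboard/index.html?user=%s&authToken=%s' \
        "$DD_BASE" "$(urlencode "$1")" "$(urlencode "$2")"
}
```

Typical use on the server that renders the page: `dashboard_url utilisateurCible "$(request_token "$DD_API_KEY" utilisateurCible)"`, where `DD_API_KEY` is a hypothetical environment variable holding the key.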