JWT Integration
Overview
Mission apps are expected to use the P1 Keycloak integration rather than standing up their own private Keycloak servers. The P1 Keycloak is an abstraction layer in front of applications and is automatically integrated into every mission app; no development work is needed to integrate with it. P1 and Party Bus control Keycloak and the addition of any users who need to authenticate to mission applications, so if your application needs to expand its user base, you will need to open tickets for login.dso.mil onboarding.
Additionally, login.dso.mil does not expose any public clients, so connecting directly requires both the client ID and the client secret. We do not provide these to customers because they are sensitive, and there are few (if any) use cases where connecting directly to the client is necessary.
There remains the question of how to authorize users and enforce RBAC within an application. This is done by parsing the JWT that the platform passes in the Authorization request header. Details follow below.
UG - AuthService/JWT - Django Implementation
WIDOW utilizes Django as its back-end for the REST API. For the back-end, we need to associate each user's request with their action, so a mission commander can have an active view of what has been changed for a mission.
By utilizing the authorization service, we can guarantee everyone accessing the back-end has been authenticated through the P1 SSO.
Decode the JWT for User Information
The approved method for obtaining user information is to decode the JWT passed in the Authorization header.
For Django/Python, we use the PyJWT library.
Example JWT
Example Decoded JWT
After decoding the JWT, you will receive the following:
NOTE
The rank and affiliation fields are optional; if they are not provided, the keys will not exist.
Header
{
"alg": "RS256",
"typ": "JWT",
"kid": "4CK69bW66HE2wph9VuBs0fTc1MaETSTpU1iflEkBHR4"
}
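The following is an added example, not WIDOW's or Platform One's code, showing the flow described above: pull the Bearer token out of a Django request's Authorization header, decode its header and claims, refuse anything that is not RS256 or lacks a kid, reject expired tokens, and build a caller identity in which the optional rank and affiliation claims come back as None when the keys are absent. It assumes Keycloak-standard claim names (preferred_username, email, exp) since the decoded payload is not shown on this page; the JWKS URL and audience handed to verify_with_pyjwt are placeholders, and the realm JWKS path is an assumption about the Keycloak layout. The test token built by make_unsigned_test_token is constructed input with a placeholder signature.

```python
# Added example (not WIDOW's or Platform One's code): read the caller's identity
# from the JWT in the Authorization header of a Django request.
# Assumptions: Keycloak-standard claim names (preferred_username, email, exp) plus
# the optional rank/affiliation claims the page mentions; jwks_url and audience
# in verify_with_pyjwt are placeholders to be replaced with the realm's values.
import base64
import binascii
import json
import time
from dataclasses import dataclass
from typing import Optional, Tuple

ALLOWED_ALGS = ("RS256",)  # the platform's tokens are RS256; never accept "none" or HS*


class TokenError(ValueError):
    """Raised for any token the back-end must reject (map to HTTP 401 in a view)."""


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    try:
        return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    except (binascii.Error, ValueError) as exc:
        raise TokenError("segment is not valid base64url") from exc


def bearer_token(authorization: Optional[str]) -> str:
    """Extract the raw token from 'Authorization: Bearer <jwt>'."""
    if not authorization:
        raise TokenError("missing Authorization header")
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise TokenError("Authorization header is not a Bearer token")
    return token.strip()


def unverified_parts(token: str) -> Tuple[dict, dict, bytes]:
    """Split and decode header/claims WITHOUT checking the signature.
    Use the result to pick the verification key (kid) and to fail fast on a bad
    alg; trust the claims only after verify_with_pyjwt succeeds."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("JWT must have three dot-separated segments")
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # covers JSONDecodeError and bad UTF-8
        raise TokenError("header or claims segment is not JSON") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("header and claims must be JSON objects")
    if header.get("alg") not in ALLOWED_ALGS:
        raise TokenError(f"unexpected alg {header.get('alg')!r}")
    if not header.get("kid"):
        raise TokenError("header has no kid; cannot select a verification key")
    return header, claims, _b64url_decode(parts[2])


@dataclass
class Caller:
    username: str
    email: str
    rank: Optional[str]         # optional claim: None when the IdP did not send it
    affiliation: Optional[str]  # optional claim: None when the IdP did not send it


def caller_from_claims(claims: dict, now: Optional[float] = None) -> Caller:
    """Build the identity to record against the request; rejects expired tokens."""
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise TokenError("token is missing exp or has expired")
    if "preferred_username" not in claims:
        raise TokenError("token carries no preferred_username claim")
    # .get() is deliberate: the rank/affiliation keys are absent when not provided.
    return Caller(username=claims["preferred_username"], email=claims.get("email", ""),
                  rank=claims.get("rank"), affiliation=claims.get("affiliation"))


def caller_from_meta(meta: dict, now: Optional[float] = None) -> Caller:
    """Django exposes the header as request.META['HTTP_AUTHORIZATION']."""
    _header, claims, _sig = unverified_parts(bearer_token(meta.get("HTTP_AUTHORIZATION")))
    return caller_from_claims(claims, now)


def verify_with_pyjwt(token: str, jwks_url: str, audience: str) -> dict:
    """Full signature and claim verification with PyJWT (pip install 'pyjwt[crypto]').
    jwks_url is the realm's JWKS endpoint (assumed: .../protocol/openid-connect/certs).
    Imported lazily so the helpers above run even without PyJWT installed."""
    import jwt  # PyJWT
    key = jwt.PyJWKClient(jwks_url).get_signing_key_from_jwt(token)  # selects by kid
    return jwt.decode(token, key.key, algorithms=list(ALLOWED_ALGS),
                      audience=audience, options={"require": ["exp"]})


def make_unsigned_test_token(claims: dict, alg: str = "RS256") -> str:
    """Constructed test input only: RS256 header with a placeholder signature, so it
    parses here but would (correctly) fail verify_with_pyjwt."""
    def enc(obj) -> str:
        raw = obj if isinstance(obj, bytes) else json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT", "kid": "test-kid"}),
                     enc(claims), enc(b"not-a-real-signature")])
```

In a view or middleware, catch TokenError and return 401. Even though the authservice in front of the app has already authenticated the caller, the back-end should still call verify_with_pyjwt before trusting claims for RBAC decisions: the unverified decode only exists to read kid and alg and to fail fast, and the alg allow-list is what stops an "alg": "none" or HS256 token from being accepted.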