Jet Requests Auth

When working with your custom APIs it can be necessary to validate that request is done by the authenticated user and that the user is authorized to perform such requests.

You can send current user JWT token to your API to validate user and check permissions. Usually it is done with Authorization header, but you are free to use any implementation.

There are two types of user tokens:

token - generated per User, contains user ID in payload
project token - generated per App (and environment), contains user ID, project ID, environment ID, permissions, user properties, team properties

Validate JWT token

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties. There a lot of libraries across different languages and tech stacks which allow you to validate JWT token. JWT token also contains payload where you can find user info and permission details.

Here is the public key which you should use to validate that received token is correct token generated by Jet Admin side.

jet_admin_key.pub

Check JWT permissions (project token)

If you want to give access to your API based on Jet Admin user permission you can parse JWT payload to get user permissions and check them. In this case you should use project token.

You can parse project token payload using https://jwt.io/

Example of project token payload with Full Access permissions:

{
  "token_type": "access",
  "exp": 1668998967,
  "jti": "102778f3241d49a6b442dc8b205ec821",
  "user": "1025c221-948a-4b7c-a58b-fa7cf816a72c",
  "project": "jet_bridge_gql",
  "environment": "prod",
  "projects": {
    "jet_bridge_gql": {
      "super_group": true
    },
    "demo_resources": {
      "read_only": true
    }
  },
  "user_properties": {},
  "group_properties": {}
}

Example of project token payload with granular permissions:

{
  "token_type": "access",
  "exp": 1675744090,
  "jti": "6f20ac1c51094e18971499816c79be66",
  "user": "d6a4c751-55c5-44e4-99fc-049c287ce71e",
  "project": "jet_bridge_gql",
  "environment": "prod",
  "projects": {
    "jet_bridge_gql": {
      "super_group": false,
      "read_only": false,
      "permissions": "H4sIAC7S4WMC/52PPUvEQBRF/0qYelky3y92YiWriKyCIBLeZN6YuNkkzIwGlf3vJp1YbGF1L5xb3PP8zSaKxy6lbhzq/DkRuyjYcfTUs03xm43ujZq80tBFcpio/pCD2eKM0ac/Y2zyEmldx9mvMFIa32NDdR4PNNQtpnalTSVRWArcVt4EFGjF0oArlNwaRRx0CSWGpnHgXcmlkLQ0ERDJO7DstCn+oYBdzOh6qg3vvrY4Tbv54ebx+vLwmk3c3dfZ9bdPIuzbfdRX9s4MZ/zO2IEBI5XhUC6PFztHiBC0MUZzIq68BNRCQaW1h4oHTmADKYE8uMXYsdPLD+tKZ+ShAQAA"
    },
    "demo_resources": {
      "read_only": true
    }
  },
  "user_properties": {
    "na37j0tc": "bar2",
    "q5zdv0e3": "bar1"
  },
  "group_properties": {
    "5vlsld0o": "test value"
  }
}

permissions key is a JSON object which is compressed with Gzip and Base64 encoded string. It contains detailed information about permissions which has user's assigned team.

PreviousOAuth 2.0 NextFirebase / Firestore

Last updated 3 months ago

Was this helpful?