Skip to main content

Dynamic Jwt in assystETM

S
Hero (Customer)
Forum|alt.badge.img+12

Good morning Community.

 

Some Background

We are currently using an external SMS service to communicate with our users (most notably within our Major Incident process) and looking to expand it into other processes. The solution that we use has an API interface and requires an encoded Jwt bearer token. This token must contain the iat (issued at time) claim and a secret to successfully authenticate (figure 1. with dummy data included below from jwt.io).

figure 1.

This is handled by a script on the integration server (Microsoft PowerShell using the JWT Module).

$iis = "#######"
$secret = "######"

[int]$iat = (Get-Date -Date ((Get-Date).DateTime) -UFormat %s)
$tokenBody = @{
	"iss" = "$iis"
	"iat" =  $iat
}

$myApiToken = ConvertTo-Json -InputObject $tokenBody  
$authToken = New-Jwt -Header '{"typ":"JWT", "alg":"HS256"}' -PayloadJson $myApiToken -Secret $secret

$myApiHeader = @{
	"Authorization" = "Bearer $authToken"
}

However, we have an interest in moving this to the assystETM platform now that we are on v1.8 which has access to HTTP Mappers. Giving us the opportunity to reduce Action Processor load using ‘Destinations’ and safeguarding us against changes made to the Integration Server VM (which is hosted by IFS in our case).


The Issue

We have been unable (so far) to generate this encoded value natively in ETM. To our knowledge, we are unable to use JavaScript Libraries/ Modules, or Classes on the platform and any attempt to script this without these has resulted in endless looping or mapper channel failures due to resource constraints.

 

So….

What are you all doing in this space? How are you generating encoded values with ETM for your integrations?

The closest workaround we have found it to use assystETM to trigger an Azure Automation or Function App which achieves the primary goals but is still external to the core assyst products.

6 replies

P
Hero (Employee)
Forum|alt.badge.img+10

HTTP Request Mappers support OUath with JWT. The iat (& nbf & exp) values are automatically generated for you. 

Configuring OAuth for the mapper is a bit clunky in 1.8. This is improved in 1.9 where Connectors can be used to define the OAuth settings. 

S
1 person likes this
  • S
    Steve Miller
S
Hero (Customer)
Forum|alt.badge.img+12
  • Steve Miller
  • Author
  • Hero (Customer)
  • 139 replies
  • April 3, 2025

I have been playing in our test environment which is 24R2/ 1.9 where we are performing our pre-upgrade testing.

Do you have any screenshots, examples or guidance ​Paul? I Couldn’t quite figure out from the wiki pages how this would be done using the new ‘Connectors’ feature. I think the lack of iat as an option confused me a little and where to include the vendor provided secret. Logic dictates it should go into the Private Key Password field?

Connector Configuration - assystETM 1.9

 

P
Hero (Employee)
Forum|alt.badge.img+10

I think that would just go in the ‘Client Secret’ field. ‘Private Key Password’ would be used if you were authenticating with an encrypted private key.

S
Hero (Customer)
Forum|alt.badge.img+12
  • Steve Miller
  • Author
  • Hero (Customer)
  • 139 replies
  • April 3, 2025

I think I may be misunderstanding something fundamental 😬

 

I can see using Connectors for integrations like MS Graph where you would query a token endpoint such as ‘https://login.microsoftonline.com/[tenantId]/oauth2/v2.0/token’ where permissions are controlled by Enterprise Apps being fairly straightforward.

 

However, am having trouble getting my head around this scenario. Having added the iss value in the ‘Issuer’ field and secret in the ‘Client Secret’ field. The run results in an error of ’Cannot invoke "String.length()" because "spec" is null’ and has a request content of….

{
    "contentType": "application/json",
    "httpMethod": "POST",
    "oauth2": true,
    "privateKey": "",
    "requestBody": {
        "value1": "07123456789",
        "value2": "Testing_Fake_Template"
    },
    "requestHeader": {},
    "url": "[URL]"
}

The recipient API endpoint is very specific about what it is expecting. What I was expecting the connection to generate was this (below). But it seems that ETM is ignoring or hiding the jwt stuff.

{
    "contentType": "application/json",
    "httpMethod": "POST",
    "oauth2": true,
    "privateKey": "",
    "requestBody": {
        "value1": "07123456789",
        "value2": "Testing_Fake_Template"
    },
    "requestHeader": {
		"Authorization": "Bearer [encoded_jwt_token]"
	},
    "url": "[URL]"
}

 

P
1 person likes this
  • P
    Paul McCulloch
P
Hero (Employee)
Forum|alt.badge.img+10

I understand now . ETM doesn’t support this use case at the moment. It only supports the generation of JWTs for OAuth Authentication requests (as you’ve discovered). 

If you log an Idea then the product managers will consider it for inclusion in a future release. Please provide as much information as possible, including the SNS service you want to use.

S
Hero (Customer)
Forum|alt.badge.img+12
  • Steve Miller
  • Author
  • Hero (Customer)
  • 139 replies
  • April 4, 2025

Thanks for your help and patience Paul. I have raised an idea as suggested.

Dynamic Jwt values in assyst ETM - HTTP Mappers & Connectors | IFS Community

 

I am still interested to hear how other customers are doing this and similar if anyone wishes to share so will continue to monitor the conversation.

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings