REST API authentication

Hi everyone !

Im new to UD and im trying to make authentication on a REST API. It doesn’t want to work and im really confused about how it work and how to get the JSON WEB TOKEN working.
I hope you guys can help me…

So i have a very simple dashboard with a login page. Then i have a simple imput field where you can enter names to create new AD users.

The action to create a new account is made by my API. At this point all is working properly. But when i want to use authentication it doesn’t work anymore. I tried to solve it with the docs but actually im really confused.

Here the code of my dashboard :

Enable-UDLogging

$AuthMethod = New-UDAuthenticationMethod -Endpoint {

    param([PSCredential]$Credentials)

    if ($Credentials.UserName -eq "lucas" -and $Credentials.GetNetworkCredential().Password -eq "Password") {

        New-UDAuthenticationResult -Success -UserName "lucas"

    }

    elseif ($Credentials.UserName -eq "jean" -and $Credentials.GetNetworkCredential().Password -eq "Password") {

        New-UDAuthenticationResult -Success -UserName "jean"

    }

    else{

        New-UDAuthenticationResult -ErrorMessage "You are not authorized to enter this dashboard"

    }

}

$FormLogin = New-UDLoginPage -AuthenticationMethod $AuthMethod

import-module @("ActiveDirectory", "UniversalDashboard")

$MyDashboard = New-UDDashboard -Title "Dashboard" -LoginPage $FormLogin -Content {

    New-UDHeading -Text "Logged in as $User"

    New-UDInput -Title Account -Content{

        New-UDInputField -Type textbox -Name "nom" -Placeholder "Nom"

        New-UDInputField -Type textbox -Name "prenom" -Placeholder "Prenom"

    } -Endpoint {

        param(

            $nom,

            $prenom

        )

        $Token = Invoke-RestMethod "http://localhost:8081/api/login" -Method Post -Body @{

            UserName = "lucas"

            Password = "Password"

        } 

        Invoke-RestMethod -Uri "http://localhost:8081/api/account/$nom/$prenom" -Method Post -Headers @{Authorization = "Bearer $($Token.token)"}

    }
}

Start-UDDashboard -Dashboard $MyDashboard -Name 'Dashboard' -Port 8080 -AllowHttpForLogin

And here the code of my API : 

 Enable-UDLogging

$AuthMethod = New-UDAuthenticationMethod -Endpoint {

    param([PSCredential]$Credentials)

    if ($Credentials.UserName -eq "lucas" -and $Credentials.GetNetworkCredential().Password -eq "Password") {

        $Token = Grant-UDJsonWebToken -Identity "lucas"

        New-UDAuthenticationResult -Success -UserName "lucas" -Token $Token

    }

    else{

        New-UDAuthenticationResult -ErrorMessage "You are not authorized to perform this action !"

    }

}

import-module @("ActiveDirectory", "UniversalDashboard")

$Endpoint = New-UDEndpoint -Url "/account/:nom/:prenom" -Method "POST" -Endpoint {

    $name = $nom + " " + $prenom

    New-ADUser -Surname $nom -GivenName $prenom -Name $name

}

Start-UDRestApi -Endpoint $Endpoint -Port 8081 -Force -AuthenticationMethod $AuthMethod

Apologies for my English.

Thank you by advance for your help.

Hey @Lucas.R,

Welcome to the Forums!

You need to make sure to include a JWT authentication method for your REST API. Calling New-UDAuthenticaitonMethod without any parameters is the correct parameter set for that. You can tweak the parameters of the cmdlet to include a different signing key to provider custom encoding for your AppTokens. If you adjust the signing key in New-UDAuthenticationMethod, you’ll also need to adjust it in Grant-UDAppToken.

Here’s how to configure a REST API with JWT Auth.

$AuthMethod = New-UDAuthenticationMethod

So for your REST API, I would suggest this:

$AuthMethod = New-UDAuthenticationMethod
import-module @("ActiveDirectory", "UniversalDashboard")

$Endpoint = New-UDEndpoint -Url "/account/:nom/:prenom" -Method "POST" -Endpoint {

    $name = $nom + " " + $prenom

    New-ADUser -Surname $nom -GivenName $prenom -Name $name

}

Start-UDRestApi -Endpoint $Endpoint -Port 8081 -Force -AuthenticationMethod $AuthMethod

In your dashboard, you need to grant a token to access the REST API. In this example, I’m granting an AppToken and storing it in the user’s session.

Then when I go to call the API, I’m referencing that AppToken.

Enable-UDLogging

$AuthMethod = New-UDAuthenticationMethod -Endpoint {

    param([PSCredential]$Credentials)

    if ($Credentials.UserName -eq "lucas" -and $Credentials.GetNetworkCredential().Password -eq "Password") {

        $Session:Token = Grant-UDAppToken -UserName 'lucas'
        New-UDAuthenticationResult -Success -UserName "lucas"

    }

    elseif ($Credentials.UserName -eq "jean" -and $Credentials.GetNetworkCredential().Password -eq "Password") {

        New-UDAuthenticationResult -Success -UserName "jean"

    }

    else{

        New-UDAuthenticationResult -ErrorMessage "You are not authorized to enter this dashboard"

    }

}

$FormLogin = New-UDLoginPage -AuthenticationMethod $AuthMethod

import-module @("ActiveDirectory", "UniversalDashboard")

$MyDashboard = New-UDDashboard -Title "Dashboard" -LoginPage $FormLogin -Content {

    New-UDHeading -Text "Logged in as $User"

    New-UDInput -Title Account -Content{

        New-UDInputField -Type textbox -Name "nom" -Placeholder "Nom"

        New-UDInputField -Type textbox -Name "prenom" -Placeholder "Prenom"

    } -Endpoint {

        param(

            $nom,

            $prenom

        )

        $Token = Invoke-RestMethod "http://localhost:8081/api/login" -Method Post -Body @{

            UserName = "lucas"

            Password = "Password"

        } 

        Invoke-RestMethod -Uri "http://localhost:8081/api/account/$nom/$prenom" -Method Post -Headers @{Authorization = "Bearer $($Session:token)"}

    }
}

Start-UDDashboard -Dashboard $MyDashboard -Name 'Dashboard' -Port 8080 -AllowHttpForLogin

Hope that makes sense!

Thanks a lot for your answer @adam !!

Im now trying to made up an authenticate API with windows authentication.
Im using the SID group to grant a token and access the API.
I hope I can do it haha…

Thanks for your time !