REST API - Logging

micmaher · February 6, 2020, 9:49am

Hi,

I’ve got a REST API set-up with JWT authentication. I would like to add an audit trail of who is making the requests to the API. Perhaps log IP addresses of hosts connecting or better again parse the JWT payload to pull out the name of the owner of the token.

I’m not aware of an internal log in UD that will capture this so wondering if I can build this functionality into the REST API instance I have.

Thanks,

Michael

LxLechat · February 6, 2020, 10:34am

There are some predifined variables in everyendpoint you can check this link

https://docs.universaldashboard.io/endpoints/variables-defined-in-endpoints

I build a small function that parses the $request object, fetch infos that i want, then insert in a table… !
$User being the username !

BoSen29 · February 6, 2020, 11:03am

Hi @micmaher
As @LxLechat said, the $User variable will contain the username for the client.

As for logging: Write-UDLog function should allow you to write whatever you’d like to the log defined with “Enable-UDLogging”

micmaher · February 7, 2020, 11:41am

Thanks yes $User works.

$ClaimsPrincipal gives a little more data

$($ClaimsPrincipal | Select-Object -ExpandProperty Claims)
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: testuser 
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/hash: 12345
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier: UniversalDashboard nbf: 1581071431 exp: 1612607431 iss: poshud.com aud: UniversalDashboard

There isn’t a way to see the the tokens an online JWT issuer has issued for you is there?

And from what I have read so fr revoking JWTs can be difficult too.

micmaher · February 7, 2020, 12:33pm

I’d be interested to see that function LxLechat, wondering if you stripped out the token from the headers before logging it?

LxLechat · February 7, 2020, 12:45pm

Just to be clear i’m parsing the $Request object not the claimsparincipal …
it’s something really basic … i just pass the $request object to a simple function then extract datas that are of interest for me, like that
Just wrap that in a function, then adapat at your will here is an example of what i’m interested in … (there are more but, this might help you )

$Request.HttpContext.Request.Method #do something with that
$Request.HttpContext.Request.QueryString.Value #do something with that

        If ( $Request.HttpContext.Request.Method -eq "GET" ) {
            $Request.HttpContext.Request.QueryString.Value 
        }

Topic		Replies	Views
REST API authentication Universal Dashboard Help	2	873	April 10, 2020
Authentication - Dashboard and REST API Universal Dashboard Help	3	1350	October 29, 2019
AD Federated login, claims, and API login Universal Dashboard Help	4	788	December 24, 2019
On Login Event/ScriptBlock? [UDv2.9] Universal Dashboard Help	8	796	November 5, 2020
Authentication/authorization in the REST API Universal Dashboard Help	3	2099	December 7, 2018

REST API - Logging

Related Topics