This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Web Server - Ask For Help / Re: JWT Json Web Token
« on: November 05, 2024, 02:44:46 PM »
Okay - I think I figured out the problem.
The alg is not correct. If I switch to HS256 all works.
The website is expecting RS256.
So I suspect this means I cannot use the HMAC function since that creates HS256....
2
Web Server - Ask For Help / Re: JWT Json Web Token
« on: November 04, 2024, 04:11:51 PM »
I am successfully generating the JWT, but when I verify it on jwt.io it's telling me my secret is bad....
The header and payload data is decoded fine but I'm doing something wrong on the 'secret' stuff....
Here's the code I'm using:
Code:
!Create_ClientJWT FUNCTION (STRING KeyID,STRING ClientID, string UserID, string lSecret) ! Declare Procedure
! Build Header
Header_element.kid = clip(KeyID)
Header_element.alg = 'RSA256'
jwtj.Start()
jwtj.SetTagCase(jf:CaseAsIs)
jwtj.Save(header_element,stHeader)
! Payload
Payload_element.iss = clip(ClientID) ! Issuer
Payload_element.sub = clip(UserID) ! Subject of token
Payload_element.aud = 'https://api.alt.www4.irs.gov/auth/oauth/v2/token'
Payload_element.iat = fmt.ClarionToUnixDate(today(),clock()) ! Issued At Time - Epoch time
Payload_element.exp = fmt.ClarionToUnixDate(today(),clock()+(15*60*100)) ! expire time = iat + 15 minutes
stPayload.SetValue('')
stPayload.MakeGUID4(st:format)
Payload_element.jti = stPayload.GetValue() ! Unique ID I create
jwtj.Save(Payload_element,stPayload)
! message(stHeader.GetValue(),'stheader:')
! message(stPayload.GetValue(),'stPayload:')
stHeader.Base64Encode(st:URLSafe + st:NoPadding)
stPayload.Base64Encode(st:URLSafe + st:NoPadding)
! The call in this format gives me an invalid type error..
! stToEncrypt.SetValue(stHeader.GetValue()&'.'&stPayload.GetValue())
! stToEncrypt.SetValue(NetMakeHMAC(stToEncrypt.GetValue(),stToEncrypt.Len,CLIP(lSecret),net:CALG_SHA_256))
! So I do this.... stPreEncrypt string(1024)
stPreEncrypt = clip(stHeader.GetValue())&'.'& clip(stPayload.GetValue()) ! Values already encoded
stToEncrypt.SetValue(NetMakeHMAC(stPreEncrypt,len(stPreEncrypt),CLIP(lSecret),net:CALG_SHA_256))
stToEncrypt.Base64Encode(st:URLSafe + st:NoPadding)
RETURN stHeader.GetValue()&'.'& stPayload.GetValue() &'.'& stToEncrypt.GetValue()
Any ideas?
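Added example (Python, not part of the original post and not NetTalk code): the situation in these posts, where the header names one algorithm while the signature is actually HMAC-SHA256, checked by an HMAC-only verifier that pins the algorithm it accepts. The secret, claims and `kid` are constructed sample values; the names `sign_hmac_sha256`, `verify` and `demo` are illustrative.

```python
import base64, hashlib, hmac, json

EXPECTED_ALG = "HS256"  # the only algorithm this HMAC-only verifier accepts

def b64url(data: bytes) -> str:
    # JWS uses URL-safe base64 with the '=' padding removed
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hmac_sha256(header: dict, payload: dict, secret: bytes) -> str:
    # Signs with HMAC-SHA256 no matter what header["alg"] claims
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode("utf-8"))
             for p in (header, payload)]
    mac = hmac.new(secret, ".".join(parts).encode("ascii"), hashlib.sha256).digest()
    return ".".join(parts + [b64url(mac)])

def verify(token: str, secret: bytes) -> str:
    # Returns "ok" or the reason for rejection
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        sig = b64url_decode(s64)
        signing_input = f"{h64}.{p64}".encode("ascii")
    except ValueError:
        return "malformed token"
    # Pin the algorithm; the token does not get to choose how it is checked
    if not isinstance(header, dict) or header.get("alg") != EXPECTED_ALG:
        return "alg mismatch"
    good = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(sig, good) else "bad signature"

# Constructed sample values, not real credentials or endpoints
SECRET = b"constructed-demo-secret"
CLAIMS = {"iss": "constructed-client-id", "sub": "constructed-user",
          "iat": 1730736000, "exp": 1730736000 + 15 * 60}

def demo() -> dict:
    mislabeled = sign_hmac_sha256({"alg": "RSA256", "kid": "k1"}, CLAIMS, SECRET)
    consistent = sign_hmac_sha256({"alg": "HS256", "kid": "k1"}, CLAIMS, SECRET)
    return {"mislabeled": verify(mislabeled, SECRET),
            "consistent": verify(consistent, SECRET),
            "wrong_secret": verify(consistent, b"another-secret")}

if __name__ == "__main__":
    print(demo())
```

RS256 is RSASSA-PKCS1-v1_5 with SHA-256 and is produced with an RSA private key, so an HMAC routine cannot generate a signature that an RS256 verifier will accept.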
3
Web Server - Ask For Help / Re: JWT Json Web Token
« on: November 03, 2024, 11:45:03 PM »
I did not get a compile warning.
Thanks for noticing my error. Somehow I got it stuck in my brain that it returned a ST object.
4
Web Server - Ask For Help / Re: JWT Json Web Token
« on: November 03, 2024, 06:12:37 PM »
On this section of code:
stToEncrypt.SetValue(stHeader.GetValue()&'.'&stPayload.GetValue())
Crypto.MakeHMAC(stToEncrypt,CLIP(lSecret),cs:CALG_SHA_256,0)
stToEncrypt.Base64Encode(1)
stToEncrypt.Replace('+','-')
stToEncrypt.Replace('/','_')
stToEncrypt.Replace('=','')
I modified per Bruce's note to
! NetMakeHMAC function passes a string and returns ST so I created a string for this part
strPREencrypt = stHeader.GetValue()&'.'&stPayload.GetValue()
stToEncrypt = NetMakeHMAC(clip(strPREencrypt ),len(strPREencrypt),CLIP(lSecret),cs:CALG_SHA_256,0)
stToEncrypt.Base64Encode(1) <<-GPF
stToEncrypt.Replace('+','-')
stToEncrypt.Replace('/','_')
stToEncrypt.Replace('=','')
And I get a GPF on base64encode.
5
The Rest - Ask For Help / Vapid keys v JWT ?
« on: November 03, 2024, 05:35:33 PM »
Is there a webinar on Vapid keys ?
Per google they are related:
https://blog.mozilla.org/services/2016/04/04/using-vapid-with-webpush/
Could NetGenerateVapidKeys be used to create JWTs ?
All new to me. Kind of going in circles on this stuff!
6
The Rest - Ask For Help / Example of using JWTs in a web service.....
« on: November 01, 2024, 03:29:06 PM »
Moved this - posted in the wrong section....
I'm probably over thinking this. I've seen the threads here about constructing JWTs for authentication use....
https://www.nettalkcentral.com/forum/index.php?topic=8902.msg36457#msg36457
https://www.nettalkcentral.com/forum/index.php?topic=8089.msg32855#msg32855
Using the example from Wiki: https://en.wikipedia.org/wiki/JSON_Web_Token
net.SetValue('grant_type','urn:ietf:params:oauth:grant-type:jwt-bearer')
net.SetValue('assertion',StringContainingtheWholeJWT)
net.Post(urlString)
And I'd get returned values in the page received method:
if Self.ThisPage.Length() > 0
json.load(resultGroup,self.thispage.GetValuePtr(),self.thispage.Length())
display()
End
where resultgroup will be....
ResultGroup GROUP,PRE(result)
access_token STRING(512)
token_type STRING(16)
expires_in long
END
The service I'm trying to connect to (IRS) requires sending 2 JWTs (for 2 different roles) when connecting.
net.SetValue('grant_type','urn:ietf:params:oauth:grant-type:jwt-bearer')
net.SetValue('assertion',StringContainingtheWholeJWT)
net.SetValue('client_assertion_type','urn:ietf:params:oauth:client-assertion-type:jwt-bearer')
net.SetValue('client_assertion',StringContainingtheWholeJWT)
net.Post(urlString)
Am I thinking this correctly or way off base? Anyone have an example?
7
Web Server - Ask For Help / Re: Login Page - One page on success, a different one on fail
« on: March 28, 2024, 09:30:00 AM »
Thank you ! That works.
8
Web Server - Ask For Help / Login Page - One page on success, a different one on fail
« on: March 28, 2024, 12:07:26 AM »
Using the default login page example I'm trying to go to one page if the login is successful and a different page on failure.
Reading through different posts I saw examples of:
loc:formaction = 'SuccessPage'
loc:formactiontarget = '_top'
and
p_web.SetValue('_parentPage','SuccessPage')
neither seem to work.
Using the example code I can 'Authenticate' fine but can't seem to 'act' on it....
if p_web.GetValue('loc:hash') = p_web.GetSessionValue('loc:hash')
! login checking goes here
if p_web.Authenticate(Loc:Name,Loc:Passw) = true ! WebHandler, Authenticate method needs to be fleshed out.
p_web.ValidateLogin() ! this sets the session to "logged in"
p_web.SetSessionValue('loc:hash',0) ! clear the hash, so this login can't get "replayed".
p_web.SetValue('_parentPage','SuccessPage')
else
p_web.SetValue('_parentPage','FailedPage')
end
end
I think I'm completely off base !
9
Web Server - Ask For Help / RED BOX FLASH - Error in site script
« on: May 11, 2017, 10:29:36 AM »
I've cleaned the script folder, etc. in the WEB folder and ctl-F5 on the browser.
Tried in IE and Chrome (firefox insists on adding www. in front of my localhost address - but then I've always found firefox's address bar to be obtuse)....
So, what scripting (it's all freshened to 8.71) is causing this problem?
10
Web Server - Ask For Help / ASSERT Error in 8.71 - You have not called CLOSE
« on: May 11, 2017, 10:15:15 AM »
This was a wizard generated webapp.
I have a client update procedure. (netwebform)
Within that update procedure is 8 tabs that contain related browses (netwebbrowse).
6 of the 8 seem to generate an ASSERT error that Close was not called....
From the client list, I double click to edit a client.
The window displays and the server generates 6 ASSERT errors ...
If I remove the call to a netwebbrowse procedure the ASSERT error to its main file goes away.
I cannot detect any settings differences between the netwebbrowses that generate the ASSERT message and those that don't. I've examined both the Netwebbrowse itself and the calling webform.
Suggestions?
11
Web Server - Ask For Help / Re: Posting to Paypal
« on: August 28, 2015, 10:33:35 AM »
Are you talking about IPN?
Little confused here by what you mean by "post a payment".
PP requires a place to post transactions to you (payment received, etc) and you need to acknowledge receipt by basically posting back to them the exact same thing.
Are you actually sending credit card info, etc? Are you building the transaction on your site (not theirs which is typical)?
Is that what you mean by post a payment?
12
Web Server - Ask For Help / Re: Multi-Site Host and Subdomains
« on: July 10, 2015, 09:17:09 AM »
Bruce,
There's a difference between obscurity and serving up your control panel by default....g
Not trying to obscure things. Just didn't think the default-default page should be the admin control panel.....
The difference between accessing "mysite.com" or "acp.mysite.com" or "mysite.com/acp/"
Right now if the host header doesn't match it goes to the control panel....
Typing "sadjhsdlkjhsfjhsljfhjf.mysite.com" gets the control panel.....
I can't make entries for everything someone MIGHT type....
I'd like to be able to choose one of the hosted sites (DLLs) as the default - not just a page in the host webserver....
I guess I could create a default page that forwards to one of the site DLLs..... but doesn't that require sending a redirect to the browser? and is it possible for the user to get a warning...
13
Web Server - Ask For Help / Re: Multi-Site Host and Subdomains
« on: July 09, 2015, 08:45:43 AM »
I think it's fine. I've done a few apps where I've loaded the same DLL multiple times - although not 100 <g>...
Hopefully it'll be 100...g I may use this method as a stop-gap....
Is there a way to catch the host header just before passing it to the DLLs? Basically in HOST.exe I'd want to trim off the leading segment of the host header to determine the DLL but pass the complete host header to the DLL.
In the DLL I could then determine what I need from the host header.
This works fine in a standalone server. Using Host to call it is the issue....
>> With this experimenting I've come to realize the default website (when it can't find a host header) is the admin site...... not good....
why not good?
Because it's tempting to hackers..... just showing it's there....
>> Is there a way to create a unique URL for the admin site?
>> Is there a way to create a default sit
Note at the moment (but the app is just an app, so I'm sure it's possible - if you do make that change and want to submit it I'd be happy to fold that into the shipping app.)
Okay. What I'd want is the default site to be informational and instructional on how to sign up, etc...
14
Web Server - Ask For Help / Re: Multi-Site Host and Subdomains
« on: July 09, 2015, 08:37:38 AM »
just curious why you would use this approach.
I have a few multi tenanted sites but they all log into the same url.
I'm using the URL to determine the database to use. That way 2 different businesses can have the same login ID "Bob" but be totally separate.
This method also allows easier transition from desktop to web - take their desktop data and plunk it in a folder on the web....
15
Web Server - Ask For Help / Re: Multi-Site Host and Subdomains
« on: July 07, 2015, 02:49:30 PM »
With further experimentation I added my full hosts:
Bob.app1.myhost.com
and
Joe.app1.myhost.com
and I had them reference the SAME DLL......
It works and doesn't seem to change memory use much. Is this a bad solution?
If I have 100 host entries all referencing the same DLL?