
Revision 9530

Add a setAuthToken() method. When the HTTP_AUTHORIZATION environment variable is set, set the value as the `auth_token_header` instance variable in the Metacat instance passed in. This requires that the Apache installation includes an HTTP rewrite rule to pass the header on to a CGI processing the request. Call this method whenever we instantiate a Metacat object.

Also, add two methods that will be used for parsing the JWT authentication token: getSigningCertificate() and getTokenInfo(). The former tries to download the appropriate certificate used to sign the token coming in from the request, based on the Metacat D1Client.CN_URL property. With the appropriate PEM-encoded certificate converted to a DER-encoded certificate, we use Crypt::JWT->decode_jwt() to decode the token. This is a finicky method in that it fails when the token has expired, rather than just decoding it and returning the token claims, expired or not. So, in getTokenInfo(), on failure, we just set the isValid field to 0 with everything else being empty. I know, kludgy.

refs https://github.nceas.ucsb.edu/KNB/arctic-data/issues/42
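
An added example, not code from this revision or from the project: it verifies the token signature and judges expiry as two separate steps, so an expired but authentic token still reports its claims with isValid 0, while a token that fails signature verification reports nothing. It assumes RS256, a locally generated key pair standing in for the downloaded signing certificate, and a hypothetical helper named token_info; verify_exp and accepted_alg are options of Crypt::JWT's decode_jwt.

```perl
use strict;
use warnings;
use Crypt::JWT qw(encode_jwt decode_jwt);
use Crypt::PK::RSA;

# Constructed key pair; stands in for the downloaded signing certificate.
my $signer = Crypt::PK::RSA->new;
$signer->generate_key(256, 65537);    # 256 bytes = 2048-bit modulus
my $public_pem = $signer->export_key_pem('public');

# Hypothetical helper, not the project's getTokenInfo().
sub token_info {
    my ($token, $pem, $now) = @_;
    my %info = (isValid => 0, reason => 'bad_signature', sub => '', exp => '');

    # Step 1: signature only. verify_exp => 0 makes decode_jwt ignore "exp";
    # accepted_alg pins the algorithm so the token header cannot choose it.
    my $claims = eval {
        decode_jwt(token => $token, key => \$pem,
                   accepted_alg => 'RS256', verify_exp => 0);
    };
    return \%info unless ref $claims eq 'HASH';

    # Step 2: the signature verified, so the claims can be reported.
    # A missing or non-numeric "exp" is treated as expired.
    @info{qw(sub exp)} = ($claims->{sub} // '', $claims->{exp} // '');
    my $live = $info{exp} =~ /^\d+$/ && $info{exp} > $now;
    @info{qw(isValid reason)} = $live ? (1, 'ok') : (0, 'expired');
    return \%info;
}

# Constructed sample tokens: one current, one expired, one forged.
my $now = time;
my %tok = (
    fresh   => encode_jwt(payload => { sub => 'constructed-user', exp => $now + 3600 },
                          alg => 'RS256', key => $signer),
    expired => encode_jwt(payload => { sub => 'constructed-user', exp => $now - 3600 },
                          alg => 'RS256', key => $signer),
);
my @fresh   = split /\./, $tok{fresh};
my @expired = split /\./, $tok{expired};
# Fresh header and payload carrying the other token's signature: must fail.
$tok{forged} = join '.', @fresh[0, 1], $expired[2];

for my $name (qw(fresh expired forged)) {
    my $i = token_info($tok{$name}, $public_pem, $now);
    printf "%-8s isValid=%d reason=%-13s sub=%s\n",
        $name, @$i{qw(isValid reason sub)};
}
```

Keeping the two failure reasons apart lets logs distinguish a routine expired session from a token whose signature did not verify.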
