Use jwt for authentication

we have a system in place which authenticates users and return JWT tokens, so instead of using flowable-idm we have to use that token to give access to users to flowable applications. can any point where i can start from? thanks

Hi,

I’ve done something similar previously and I got it working by replacing the FlowableCookieFilter class in the flowable-modeler (and other) application. In this class the cookie is read and checked for validity against flowable-idm. But instead you could just check that the JWT is valid and contains the correct access rights directly.

Regards,
Paul

thank you for the reply. Apart from this what else did you change for fetching users and groups.

I did some work to support JWT token issued from Azure AD. I added a PreAuthentication to Flowable-IDM and verify the token there. But I still use IDM to managing the privileges.

i am trying to do something similar, but my users and groups will come from the rest api something similar to LDAP.

If you are doing some work really similar to LDAP, I think you can create a IdentityService implement similar with LDAPIdentityServiceImpl and initial it as bean in IDM app. The only problem of this service interface is it can only verify user by username and password. That’s the reason I use PreAuthenticatedAuthenticationToken. Another benefit is it can support the original authentication at the same time.