@puggan
Last active August 21, 2020 19:33
Scoutid JWT

How the JWT tokens work at https://scoutid.se/admin

The requests

  1. Ajax: https://scoutid.se/jwt/jwt.php?app_id=<domain_name/entity_id>
    Response 403: {ok: false, error: "No session", url: "<auth url>"}

  2. redirect to <auth url> (https://scoutid.se/simplesaml/module.php/core/loginuserpass.php?AuthState=...)

  3. Ajax: https://scoutid.se/jwt/jwt.php?app_id=<domain_name/entity_id>
    Response 200: {ok: true, token: "<jwt token>"}

Example code

// Request a JWT for this app from ScoutID. `credentials: 'include'` sends the
// scoutid.se session cookies; without a session the server answers 403 "No session".
const login = async () => {
	const response = await fetch("https://scoutid.se/jwt/jwt.php?app_id=" + location.hostname, {credentials: 'include'});
	// 403 before login (step 1 above): the JSON body carries the <auth url> to redirect to.
	if(!response.ok) throw response;
	const result = await response.json();
	// 200 after login (step 3 above): {ok: true, token: "<jwt token>"}
	if(!result || !result.ok || !result.token) {
		throw result;
	}
	return result.token;
};

login().then(console.log)

Verify token

The token is signed with an asymmetric RS256 key; its signature can be checked with this public key:

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApjMTez3ey8PjJtAx/XrA
nnburBb9DRcqbPYAuR75BSF3Nau8DIiCZEyc4MK88Vji7bLC16GfIldxnBc7AGmF
IG6u7sZJhFd1zb9ggoSVU68c5RM0AhTeCoYyuZj7Vd2rM6PkAzi+wVjVFIAntmIf
KMrUuQqstLof8vDoPhY/37ciI1tlrkLut3CMOyE5sFbFr/D8lvIX7wELUKaz0BIz
XzBsE5PhB7EoC4Ureglm2SRxHL/HcXMYjun1M2yaMDMTJEW8pom0UbRLePx9CT56
hmqVYBGZHKKt97nQiHrYjNeYlV1Czqu9NUzFYInRikhuUCtmSrjkeoDTBVFY79lx
NLnUlc4iyKu+RsHfB+bORuqc2ockxzz8CEwAkNvmqpVV+P1msGrq4aF5LjOvV+iq
mfZYXpe/9ECYHOKxN2rExyCwAU6bUTDtrSCMFIZc1SlZ7+OgcX/9V0Cxlh7DURh6
xpHgCBiAMK5LgcJt7LBth36+Kp7IjE0r4nY+HIfE8D5uTztscD2XAoA5K46TjLPy
XVQhIUSP/7nLuq+SNfam6TX4HDm0HP2AzX5I4am5amUGl7/fWWdS50T0ZmMH7s7C
GQ6VodVFuYVL+9VQTw6UtlWYpxcrsGbt6Ycpt18PZF/S/k4r55r330hJMRIbNb+4
ehXj1RGoxKDk09vDzXCsJnsCAwEAAQ==
-----END PUBLIC KEY-----

Issues

Example Token

Here is an example token at jwt.io: https://jwt.io/#debugger-io?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJzY291dGlkLnNlIiwic3ViIjoiMzM2MjM1NUB3d3cuc2NvdXRuZXQuc2UiLCJhdWQiOiJzY291dHN0dWdhLmhlcm9rdWFwcC5jb20iLCJleHAiOjE1OTgwMTc1MTMsImlhdCI6MTU5ODAxNjYxMywibmFtZSI6IlNjb3V0c3R1Z2Egd2l0aCByb2xlIiwiZW1haWwiOiIiLCJkb2IiOiIyMDAwLTAxLTAxIiwia2FyZXIiOnsiMTM4NiI6IlRlc3RrXHUwMGU1ciJ9LCJyb2xlcyI6WyIqOio6Y290dGFnZV9yZW50YWwiLCJncm91cDoqOioiLCJncm91cDoqOmNvdHRhZ2VfcmVudGFsIiwiZ3JvdXA6MTM4NjoqIiwiZ3JvdXA6MTM4Njpjb3R0YWdlX3JlbnRhbCJdfQ.PE3iVyJaDr7RMD9F4rT4AdMPs_BYfuS8L9VGKU3jtc7dnsB3LQxde7kHtWGOf5X_vosFFZKsgo3t9jjN-DVTH00QYbI_vVS2l7ShxLTiQKBLEqQN8vnQSx_Xr2nH7AtTspExzR30tMI8aCVIncAr3gwTw3ESYOZE3V6i7HsGLJTiT6hyXROE5nISoda1EmnW8Ovd-siueaepy36HUW4GLjo1bU70dSEaHgWB-KFNQiYPKqIYUcw2I4h3btE21VZfSHPQm67OaEsel6Ht9EcKPzdItKxkcXGbHYagsX32nAqsKULvny72yOk4X7X9fntToJZfbOqrEKReU3V1QW3LIjGPWbPaa6wy356oUdVSulUXy3WaT98Xh165SvdUYqu9JgHAMABN1QkemrYRHpWD0slyECPM2LzpTGUlKPkJ0I9Qsr0eJEZf5WpuJ2Wpz7P9qpugsWl7xScETSdqhsoTPAUNUDpKS6KplF3S7QDs6Sw6Z6K_w_A7gGgYU_ZQ5eVmyRPo1b0qPUkvM6snu-YLPvmacefWOwsjnEKfm1iGO6mxhzeZPvgE-XY0RubtgVBfp0RrrTMr90e2B8KKvWUwInh8sTh0L_BDToTuxjK8dUk8-fYea0Fvtr9nPiPEA4f-UrvwJs4PohfqDo3Ucoiexr2zsjvc-vhNofyOULXzU2o&publicKey=-----BEGIN%20PUBLIC%20KEY-----%0AMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApjMTez3ey8PjJtAx%2FXrA%0AnnburBb9DRcqbPYAuR75BSF3Nau8DIiCZEyc4MK88Vji7bLC16GfIldxnBc7AGmF%0AIG6u7sZJhFd1zb9ggoSVU68c5RM0AhTeCoYyuZj7Vd2rM6PkAzi%2BwVjVFIAntmIf%0AKMrUuQqstLof8vDoPhY%2F37ciI1tlrkLut3CMOyE5sFbFr%2FD8lvIX7wELUKaz0BIz%0AXzBsE5PhB7EoC4Ureglm2SRxHL%2FHcXMYjun1M2yaMDMTJEW8pom0UbRLePx9CT56%0AhmqVYBGZHKKt97nQiHrYjNeYlV1Czqu9NUzFYInRikhuUCtmSrjkeoDTBVFY79lx%0ANLnUlc4iyKu%2BRsHfB%2BbORuqc2ockxzz8CEwAkNvmqpVV%2BP1msGrq4aF5LjOvV%2Biq%0AmfZYXpe%2F9ECYHOKxN2rExyCwAU6bUTDtrSCMFIZc1SlZ7%2BOgcX%2F9V0Cxlh7DURh6%0AxpHgCBiAMK5LgcJt7LBth36%2BKp7IjE0r4nY%2BHIfE8D5uTztscD2XAoA5K46TjLPy%0AXVQhIUSP%2F7nLuq%2BSNfam6TX4HDm0HP2AzX5I4am5amUGl7%2FfWWdS50T0ZmMH7s7C%0AGQ6VodVFuYVL%2B9VQTw6UtlWYpxcrsGbt6Ycpt18PZF%2FS%2Fk4r55r330hJMRIbNb%2B4%0AehXj1RGoxKDk09vDzXCsJnsCAwEAAQ%3D%3D%0A-----END%20PUBLIC%20KEY-----
