Added auth route with basic debug information only at this

time

README.md

@@ -1,6 +1,26 @@
 # eo-services
 
-created from template docker-image-template
+This is the API backend for the eo-services client
+
+## Authentication
+
+Using Desktop rules call \<hostname>/api/auth using an Adaptives Framework's URL 'POST' with Application Sercurity turned on and the following application/json request body:
+
+```json
+{
+  "data": {
+    "type": "authentication",
+    "id": "1",
+    "attributes": {
+      "host": "em5.verint.training"
+    }
+  }
+}
+```
+
+> Note: you will need to add the cacert for the API host to your Application Server environment otherwise you will receive a "Remote Exception thrown while invoking external URLhttps://\<yourhost>:443/api/auth Exception:sun.security.validator.ValidatorException: PKIX "
+>
+> Exception:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 
 ## Key Files
 

package.json

@@ -16,14 +16,17 @@
   "license": "ISC",
   "dependencies": {
     "axios": "^1.1.2",
+    "base64url": "^3.0.1",
     "compression": "^1.7.4",
     "cors": "^2.8.5",
     "dotenv": "^16.0.3",
     "express": "^4.18.2",
     "express-session": "^1.17.3",
     "helmet": "^7.0.0",
+    "jsonwebtoken": "^9.0.1",
+    "jwk-to-pem": "^2.0.5",
     "morgan": "^1.10.0",
-    "nodemon": "^1.14.9",
+    "nodemon": "^3.0.1",
     "query-string": "^7.1.1",
     "winston": "^3.9.0"
   },

src/api/routes/auth.js

@@ -0,0 +1,60 @@
+import { Router } from "express";
+import { logger } from "../../utils/index.js";
+import { decode } from "jsonwebtoken";
+import jwt from "jsonwebtoken";
+import base64url from "base64url";
+import jwkToPem from "jwk-to-pem";
+
+const router = Router();
+
+router.post("/", (req, res) => {
+  logger.debug("Auth route called");
+  logger.debug("Headers:");
+  logger.debug(JSON.stringify(req.headers, null, 2));
+  logger.debug("Query:");
+  logger.debug(JSON.stringify(req.query, null, 2));
+  logger.debug("Body:");
+  logger.debug(JSON.stringify(req.body, null, 2));
+  var authHeader = req.headers.authorization;
+  const prefix = "OIDC_id_token ";
+  if (authHeader.startsWith(prefix)) {
+    var token = authHeader.substring(prefix.length, authHeader.length);
+
+    // base64 should be URL encoded and padding should be removed.
+    token = base64url.fromBase64(token.replace(/=/g, ""));
+
+    const jwk = {
+      alg: "RS256",
+      e: "AQAB",
+      kid: "3818ed312ed8da55defd3a3fb48f56431ac1c02a3f6d2ad25c409fa0905457e9",
+      kty: "RSA",
+      n: "AKHh-mvG1TFYBn0nxSFPtU0PEG7fd27MGRWG92nP_FSXyLyMyIeUxKUWg5t1-2wK2ue8Z3lq8G9YqnoHfTmnKDT_zLESlKlAgx9KNeumedEQu18KyoGXK9eqnwNkV05sWGqMN4OXzp3s88o07ni2KDXiEv4UTBJP44VPDQlrophYNxA0H_BpedXUqd8J0hSheDwL_b_lktZDZB2UrgspadGPAsLLM7DRajmzB8sGXe0TZSD0jB2YnJAJZrNKzAbDeRPY4kHwt23_uM3Sa-cQe_mfQY1jkBJkz6ullCU-8twD3p3Ckdeq1g5duCD0vqPPXn5OCP8DsRpziOQSlv9p7c0=",
+      use: "sig",
+    };
+
+    var pem = jwkToPem(jwk);
+
+    try {
+      const verified = jwt.verify(token, pem, { algorithms: ["RS256"] });
+      logger.debug(`Verified [${JSON.stringify(verified, null, 2)}]`);
+    } catch (err) {
+      logger.error(
+        `verify failed [${JSON.stringify(
+          err,
+          null,
+          2
+        )}].  This is most likely because we modified the token to be URL Base64 compatible during processing`
+      );
+    }
+
+    const decoded = decode(token);
+    logger.debug(`Decoded [${JSON.stringify(decoded, null, 2)}]`);
+    res.send(decoded);
+    return;
+  } else {
+    //Error
+  }
+  res.send({});
+});
+
+export default router;

src/api/routes/index.js

@@ -1,10 +1,12 @@
 import { Router } from "express";
 import config from "./config.js";
+import auth from "./auth.js";
 import interactionsFlows from "./interactions-flow.js";
 import udg from "./unified-data-gateway.js";
 const router = Router();
 
 router.use("/config", config);
+router.use("/auth", auth);
 router.use("/interactions-flow", interactionsFlows);
 router.use("/unified-data-gateway", udg);