Updating Your APIs to Generate and Require JWTs
In order for Thriftly to pass JWTs to your APIs’ users, you must update the services you use as Thriftly APIs to contain:
- A struct to be used as your service’s JSON Web Token. The Thriftly Server will pass users this token (when they successfully call the Login function explained below) and then require the token (using the Auth function explained below) when users perform subsequent API calls.
- The Login attribute and function. When a user completes a call to this function (e.g. by providing their username and password), Thriftly passes the user a JWT that is embedded in their subsequent API calls.
- The Auth attribute and function. The Auth function looks for and validates the JWTs created by your Login function. When a user calls another function within your service (for example, to update or delete a customer’s record from your database), Auth confirms the user’s call contains a valid JWT before allowing them to access other functions.
Below, we’ll provide basic examples of how to update .NET/C#, Java, DataFlex, and Delphi services to include a JWT struct, the Login attribute and function, and the Auth attribute and function. Select the appropriate link from the list below to begin integrating JWT authorization into your service:
Adding JWT Authorization Within a .NET/C# Service
To update a .NET/C# service to include JWT-based authorization:
1. Open your service within Microsoft Visual Studio.
2. Update your service to include a new JWT struct, as shown below. This struct defines the claims (unique, user-identifying information) that your JWT will include. Claims often contain information about a user’s session, including a username or ID and a login expiration. Thriftly does not require you to pass any specific claims within your users’ JWTs, though we recommend adding at least a login expiration. If you’d like more information on what claims you can add to your JWTs and how to use them, click here:
3. Update the class contained within your service to include a new Login function, as shown below. Note that you can modify this Login function to suit your organization’s login needs and conventions. For example, instead of validating a user’s email, you could validate a user’s username and password. Additionally, you must modify the JWT your login function returns to define the claims you implemented in step 2 above:
4. Update your class to include a new Auth function, as shown below:
When you’ve finished, the start of your service (after the using Thriftly.Server directive) should look similar to the code below:
At this point, you must finalize your JWT configuration within Thriftly Developer and test your implementation using our API testing interface. To do so, jump to the Finalizing and Testing Your JWT Configuration section.
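An added example, not Thriftly's own sample code and not part of the original page: the claims struct, Login and Auth logic from the steps above in plain C#, with the recommended login expiration enforced in Auth. The type and member names, the 30-minute lifetime, the injected clock and the credential delegate are assumptions; the Thriftly attributes and the way Thriftly hands the decoded token to Auth are left out.

```csharp
using System;

// Claims carried in the JWT (field names are assumptions for this example).
public struct SessionToken
{
    public string UserId;   // who the token was issued to
    public long ExpiresAt;  // login expiration, Unix seconds (UTC)
}

public class CustomerService
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(30);
    private readonly Func<string, string, bool> _verify; // credential check, supplied by the caller

    public CustomerService(Func<string, string, bool> verify) { _verify = verify; }

    // Login: check credentials, then return the claims to embed in the token.
    public SessionToken Login(string username, string password, DateTimeOffset now)
    {
        if (string.IsNullOrEmpty(username) || !_verify(username, password))
            throw new UnauthorizedAccessException("Invalid credentials");
        return new SessionToken { UserId = username, ExpiresAt = now.Add(Lifetime).ToUnixTimeSeconds() };
    }

    // Auth: called before any other function; rejects missing or expired claims.
    public void Auth(SessionToken token, DateTimeOffset now)
    {
        if (string.IsNullOrEmpty(token.UserId))
            throw new UnauthorizedAccessException("Token has no user");
        if (token.ExpiresAt <= now.ToUnixTimeSeconds())
            throw new UnauthorizedAccessException("Token expired");
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed credential store: one demo account.
        var svc = new CustomerService((u, p) => u == "demo" && p == "constructed-password");
        var issuedAt = DateTimeOffset.UtcNow;
        var token = svc.Login("demo", "constructed-password", issuedAt);

        svc.Auth(token, issuedAt.AddMinutes(5));            // inside the lifetime: no exception
        try { svc.Auth(token, issuedAt.AddMinutes(31)); }   // past the 30-minute lifetime
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```

The same expiration check belongs in the Auth function of the Java, DataFlex and Delphi services described in the following sections.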
Adding JWT Authorization Within a Java Service
To update a Java service to include JWT-based authorization:
1. Open your service within Eclipse Java.
2. Update your service to import the Thriftly AuthAttribute and UnsecuredAttribute and include a new JWT struct, as shown below. Your JWT struct defines the claims (unique, user-identifying information) that your JWT will include. Claims often contain information about a user’s session, including a username or ID and a login expiration. Thriftly does not require you to pass any specific claims within your users’ JWTs, though we recommend adding at least a login expiration. If you’d like more information on what claims you can add to your JWTs and how to use them, click here:
3. Update the original class contained within your service to include a new Login function, as shown below. Note that you can modify this Login function to suit your organization’s login needs and conventions. For example, instead of validating a user’s username and password, you could simply validate a user’s email. Additionally, you must modify the JWT your login function returns to define the claims you implemented in step 2 above:
4. Update your class to include a new Auth function, as shown below:
When you’ve finished, the start of your service should look similar to the code below:
At this point, you must finalize your JWT configuration within Thriftly Developer and test your implementation using our API testing interface. To do so, jump to the Finalizing and Testing Your JWT Configuration section.
Adding JWT Authorization Within a DataFlex Service
To update a DataFlex service to include JWT-based authorization:
1. Open your service within DataFlex Studio.
2. Update your service to include a new JWT struct, as shown below. This struct defines the claims (unique, user-identifying information) that your JWT will include. Claims often contain information about a user’s session, including a username or ID and a login expiration. Thriftly does not require you to pass any specific claims within your users’ JWTs, though we recommend adding at least a login expiration. If you’d like more information on what claims you can add to your JWTs and how to use them, click here:
3. Update your service object to include a new Login function, as shown below. Note that you can modify this Login function to suit your organization’s login needs and conventions. For example, instead of validating a user’s username and password, you could simply validate a user’s email. Additionally, you must modify the JWT your login function returns to define the claims you implemented in step 2 above:
4. Update your class to include a new Auth function, as shown below:
When you’ve finished, the start of your service should look similar to the code below:
At this point, you must finalize your JWT configuration within Thriftly Developer and test your implementation using our API testing interface. To do so, jump to the Finalizing and Testing Your JWT Configuration section.
Adding JWT Authorization Within a Delphi Service
To update a Delphi service to include JWT-based authorization:
1. Open your service within Delphi RAD Studio.
2. Update your service to include the uses DateUtils and System.SysUtils directives and a new JWT struct, as shown below. Your JWT struct defines the claims (unique, user-identifying information) that your JWT will include. Claims often contain information about a user’s session, including a username or ID and a login expiration. Thriftly does not require you to pass any specific claims within your users’ JWTs, though we recommend adding at least a login expiration. If you’d like more information on what claims you can add to your JWTs and how to use them, click here:
3. Update the class contained within your service to include a new Login and Auth function, as shown below. Note that the UnsecuredAttribute positioned above the Login function is necessary to allow users to log in to your service and receive a JWT.
4. Update your service’s implementation to include both the Login and Auth functions, as shown below. Note that you can modify the Login function to suit your organization’s login needs and conventions. For example, instead of validating a user’s username and password, you could simply validate a user’s email. Additionally, you must modify the JWT your login function returns to define the claims you implemented in step 2 above:
When you’ve finished, your service should look similar to the code below:
At this point, you must finalize your JWT configuration within Thriftly Developer and test your implementation using our API testing interface. To do so, jump to the Finalizing and Testing Your JWT Configuration section.