Intercepting JWT Token in Cookies Instead of Authorization Header in Web Application
I am building a web application that uses JWT for authentication. I would like to pass the token in cookies instead of the Authorization header.
Is there a way to intercept the request and check the token from the cookies instead of the header? I tried overriding the OnPreDispatch() method and adding it to my dispatch class, but it seems like it never gets executed, as the response returns "Unauthorized" before reaching it.
ClassMethod OnPreDispatch(pURL As %String, pMethod As %String, ByRef pContinue As %Boolean) As %Status
{
    Set token = %request.Cookies.Get("JWT-TOKEN")
    If token = "" {
        Set pContinue = 0
        Quit $$$ERROR($$$GeneralError, "Unauthorized: Token not found in cookie")
    }
    Do %request.SetCgiEnv("HTTP_AUTHORIZATION", "Bearer "_token)
    Set pContinue = 1
    Quit $$$OK
}
Comments
What is the authentication method for this web application? I would suggest that you use delegated authentication (ZAUTHENTICATE), get the cookie there, and inspect it.
For example, in the sample here ZAUTHENTICATE checks the OAuth2 token. You can check the cookie there.
Also adjust GetCredentials accordingly.
The authentication method was via username and password. I finally solved it by inserting a production in between, in order to forward the request to my webapp by putting the cookie in the header, as it expects.
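The forwarding approach described in the last comment (a layer in front of the web app that moves the cookie value into the Authorization header), as an added example; it is not the poster's production or InterSystems code. It is written as Python WSGI middleware instead of an interoperability production, and `CookieToBearer`, `extract_token` and `demo_backend` are hypothetical names.

```python
import re
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "JWT-TOKEN"  # cookie name used in the question
# Compact JWT shape: three non-empty base64url segments. This is a shape check
# only; signature and claims are still verified by the backend application.
JWT_SHAPE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")


def extract_token(cookie_header):
    """Return the JWT from a Cookie header, or None if absent or malformed."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except CookieError:
        return None
    morsel = jar.get(COOKIE_NAME)
    # fullmatch rejects anything outside the JWT alphabet, including CR/LF,
    # so the value is safe to place into a header.
    if morsel is None or not JWT_SHAPE.fullmatch(morsel.value):
        return None
    return morsel.value


class CookieToBearer:
    """Copy the JWT cookie into HTTP_AUTHORIZATION before the app sees the request."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # The cookie is the only accepted source on this path: drop any
        # Authorization header the client sent so it cannot override it.
        environ.pop("HTTP_AUTHORIZATION", None)
        token = extract_token(environ.get("HTTP_COOKIE", ""))
        if token is None:
            body = b"Unauthorized: Token not found in cookie"
            start_response("401 Unauthorized", [("Content-Type", "text/plain"),
                                                ("Content-Length", str(len(body)))])
            return [body]
        environ["HTTP_AUTHORIZATION"] = "Bearer " + token
        return self.app(environ, start_response)


def demo_backend(environ, start_response):
    """Constructed stand-in for the web app that expects a Bearer header."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [environ.get("HTTP_AUTHORIZATION", "").encode()]
```

Because the browser attaches the cookie automatically, the cookie should be set with HttpOnly, Secure and SameSite, and state-changing endpoints need CSRF protection.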