How to add custom data to session
A third party can add data to a session through the FormsHub interface. Requests are authorized by a signed JWT. The data is placed in the request body, usually in JSON format.
The URL for adding data to a session is "http://<hostUrl>/api/Session/SetSessionData", where hostUrl is the URL of FormsHub. You have to send the request with the JWT and the data.
Certificate
The JWT is signed and validated with a certificate. You need the certificate with the private key to sign the JWT and the certificate with the public key to validate it. It is recommended to sign the JWT with RSA PKCS#1 signature with SHA-256, so you need a certificate that contains valid keys for it.
The certificate with the public key is saved on the server (in CGG).
The certificate with the private key is saved on the client, and the client is responsible for its secure storage.
Authorization data
JWT is used for authorization. The client application creates the JWT and signs it with the certificate. The signature is created by RSA PKCS#1 signature with SHA-256. The client then puts the JWT into the Authorization header of the request.
Property name | Description |
sessionID | sessionID of session which exists between client and FormsHub |
rendererID | name of HTML element for rendering of forms |
timeStamp | current time in format: yyyy-MM-ddTHH:mm:sszzz |
hash | Base64-encoded SHA256 of the data sent in the request body (if there is no data, the hash is empty) |
Encoded JWT:
eyJhbGciOiJSUzI1NiIsImtpZCI6IlF3QUhfY05QcnpuTUdNRnlvbGxlYmluWWZDVSIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uSUQiOiJzZXNzaW9uSUQtMTIzIiwicmVuZGVyZXJJRCI6InJlbmRlcmVySUQtMTExIiwidGltZVN0YW1wIjoiMjAxOS0wNS0wMlQxMDowOTowNiswMjowMCIsImhhc2giOiJxZ2tjUlRlbndScjcyNHk4dHpZc0lMRkNnc1plMkJMdXEyS1RmWDhaUStBPSJ9.TxtsSV0uSI00p82GSu7-Tk4wpEnY3uM_rI59aXdiA8uxhycSiS04SduSHMBW05MCjn0UFxFwPVhgvztmQtG95xqnqW-wvekTDoTHCDBrxajyqpUsuShJ1NrLXTXCmVByEmvrx97HcCmBZiiHeLdFcKiKEn5Ol_i-m0TAyx6r9PeWUvX1GWQlYM889PjOzdr07HbMNJGlMPaw2r7ewC1Jy0WMhQm1R6HVJVvbS0hcEj3N8lo5X5bXOaHkk5kBoloJzd05E03pKo0hmXTJiYFXWC8OL6BKvdzPwD94wRkKgISdRkXRsyF6j_x073ky6IuNKkL1ybbTrp2eKe9_HUC7oQ

Decoded JWT:
header:
{
  "alg": "RS256",
  "kid": "QwAH_cNPrznMGMFyollebinYfCU",
  "typ": "JWT"
}
payload:
{
  "sessionID": "sessionID-123",
  "rendererID": "rendererID-111",
  "timeStamp": "2019-05-02T10:09:06+02:00",
  "hash": "qgkcRTenwRr724y8tzYsILFCgsZe2BLuq2KTfX8ZQ+A="
}
Development and testing of client code for creating and sending requests
There is a method for testing and validating requests. Its name is ValidateRequest and it is used for POST requests. The method accepts all requests and validates them.
Its URL is https://<host>/api/Session/ValidateRequest
Request content
The data to be saved into the session has to be in the request body, in JSON format. Each key identifies its value in the session. You can read values by key in NDCode in eForms.
{
  key1 : "value1",
  key2 : "value2",
  . . .
}
You can reference the values in eForms by key using the method ThisForm.GetSessionData(string Key).
Code sample
This code creates and sends a request to the FormsHub API. It uses the method for validating your request (ValidateRequest). If you want to add data to the session, you have to use the method SetSessionData ("<host>/api/Session/SetSessionData").
using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class Program
{
    // Base64-encoded SHA-256 of the request body; empty string when there is no body.
    static string ComputeSha256Hash(string rawData)
    {
        if (rawData.Length == 0) return "";
        using (SHA256 sha256Hash = SHA256.Create())
        {
            byte[] bytes = sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(rawData));
            return Convert.ToBase64String(bytes, 0, bytes.Length);
        }
    }

    static void Main(string[] args)
    {
        var requestData = "{ BootstrapToken : \"Content of BootstrapToken\", MyData:\"My data to session\" }";
        var baseUrl = "your-base-formshub-address";
        var setSessionDataUrl = "api/Session/SetSessionData";
        var validateRequestUrl = "api/Session/ValidateRequest";
        var sessionID = "sessionID-123";
        var rendererID = "rendererID-111";
        var pfxFile = @"path-to-PFX-file";
        var pfxPass = "password-to-PFX";

        // Claims placed in the JWT payload; the hash binds the token to this request body.
        var headerPayload = new Dictionary<string, string>()
        {
            { "sessionID", sessionID },
            { "rendererID", rendererID },
            { "timeStamp", DateTime.Now.ToString("yyyy-MM-ddTHH:mm:sszzz") },
            { "hash", ComputeSha256Hash(requestData) },
        };

        //---------------JWT--------------------
        // Signing does not need the key to be exportable; drop Exportable if nothing else requires it.
        var signingCert = new X509Certificate2(pfxFile, pfxPass, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet);
        X509SecurityKey privateKey = new X509SecurityKey(signingCert);
        var tokenHandler = new JwtSecurityTokenHandler();
        var tokenDescriptor = new SecurityTokenDescriptor
        {
            SigningCredentials = new SigningCredentials(privateKey, SecurityAlgorithms.RsaSha256Signature),
        };
        JwtSecurityToken stoken = (JwtSecurityToken)tokenHandler.CreateToken(tokenDescriptor);
        // Replace the default claims with the four properties FormsHub expects.
        stoken.Payload.Clear();
        foreach (var p in headerPayload)
        {
            stoken.Payload[p.Key] = p.Value;
        }
        string token = tokenHandler.WriteToken(stoken);
        //---------------JWT--------------------

        HttpClient client = new HttpClient() { BaseAddress = new Uri(baseUrl) };
        // The JWT itself is the whole value of the Authorization header.
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(token);
        var content = new StringContent(requestData, Encoding.UTF8, "application/json");
        HttpResponseMessage response = client.PostAsync(validateRequestUrl, content).Result; //------------- validate request
        //HttpResponseMessage response = client.PostAsync(setSessionDataUrl, content).Result; //------------ add data to session
        string responseContent = response.Content.ReadAsStringAsync().Result;
        Console.WriteLine(responseContent);
        Console.ReadKey();
    }
}
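The checks a receiving side can run on such a request, as an added example that is not FormsHub's own code or part of the original page: it verifies the RS256 signature against the certificate, compares the hash claim with the request body, and checks that timeStamp is recent. The class name RequestCheck, the five-minute window, .NET 6 or later and the self-signed test certificate are assumptions made for the example.

```csharp
using System;
using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;
using Microsoft.IdentityModel.Tokens;
static class RequestCheck
{
    const string TsFormat = "yyyy-MM-ddTHH:mm:sszzz";          // timeStamp format from the page
    static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(5); // assumed freshness window
    static string BodyHash(string b) => b.Length == 0 ? "" : Convert.ToBase64String(SHA256.HashData(Encoding.UTF8.GetBytes(b)));

    // Returns "ok" or the reason the request is rejected.
    static string Validate(string jwt, string body, X509Certificate2 publicCert, DateTimeOffset now)
    {
        var rules = new TokenValidationParameters
        {
            IssuerSigningKey = new X509SecurityKey(publicCert),
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // accept RS256 only
            ValidateIssuer = false, ValidateAudience = false,         // the page defines no iss/aud
            ValidateLifetime = false, RequireExpirationTime = false   // freshness comes from timeStamp
        };
        try { new JwtSecurityTokenHandler().ValidateToken(jwt, rules, out _); }
        catch (Exception e) when (e is SecurityTokenException || e is ArgumentException) { return "bad token: " + e.GetType().Name; }
        using var doc = JsonDocument.Parse(Base64UrlEncoder.Decode(jwt.Split('.')[1])); // verified payload, as sent
        string Claim(string n) => doc.RootElement.TryGetProperty(n, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;
        if (Claim("hash") != BodyHash(body)) return "hash does not match request body";
        if (!DateTimeOffset.TryParseExact(Claim("timeStamp"), TsFormat, CultureInfo.InvariantCulture, DateTimeStyles.None, out var sent))
            return "timeStamp missing or malformed";
        return (now - sent).Duration() > MaxAge ? "timeStamp outside allowed window" : "ok";
    }

    static void Main()
    {
        var now = DateTimeOffset.Now;
        using var rsa = RSA.Create(2048); // constructed throwaway key pair standing in for the PFX
        using var cert = new CertificateRequest("CN=constructed-test", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            .CreateSelfSigned(now.AddDays(-1), now.AddDays(1)); // a real receiver holds only the public certificate
        var body = "{ MyData:\"My data to session\" }";        // constructed request body
        var jwt = new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            new JwtHeader(new SigningCredentials(new X509SecurityKey(cert), SecurityAlgorithms.RsaSha256)),
            new JwtPayload { { "sessionID", "sessionID-123" }, { "rendererID", "rendererID-111" },
                { "timeStamp", now.ToString(TsFormat, CultureInfo.InvariantCulture) }, { "hash", BodyHash(body) } }));
        Console.WriteLine(Validate(jwt, body, cert, now));                        // untouched request
        Console.WriteLine(Validate(jwt, body.Replace("My", "Other"), cert, now)); // body changed after signing
        Console.WriteLine(Validate(jwt, body, cert, now.AddHours(1)));            // same request presented an hour later
    }
}
```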
Postman sample
This sample uses the method for validating the request: "http://localhost:54039/api/Session/ValidateRequest".
If you want to use the sample, you have to change the host address.
{
  "info": {
    "_postman_id": "16fab9ae-ccd7-450e-9299-d00b6d4778b9",
    "name": "FormsHub",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
  },
  "item": [
    {
      "name": "api/Session/ValidateRequest",
      "request": {
        "method": "POST",
        "header": [
          {
            "key": "Authorization",
            "value": "eyJhbGciOiJSUzI1NiIsImtpZCI6IlF3QUhfY05QcnpuTUdNRnlvbGxlYmluWWZDVSIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uSUQiOiJzZXNzaW9uSUQtMTIzIiwicmVuZGVyZXJJRCI6InJlbmRlcmVySUQtMTExIiwidGltZVN0YW1wIjoiMjAxOS0wNS0wMlQxMDowOTowNiswMjowMCIsImhhc2giOiJxZ2tjUlRlbndScjcyNHk4dHpZc0lMRkNnc1plMkJMdXEyS1RmWDhaUStBPSJ9.TxtsSV0uSI00p82GSu7-Tk4wpEnY3uM_rI59aXdiA8uxhycSiS04SduSHMBW05MCjn0UFxFwPVhgvztmQtG95xqnqW-wvekTDoTHCDBrxajyqpUsuShJ1NrLXTXCmVByEmvrx97HcCmBZiiHeLdFcKiKEn5Ol_i-m0TAyx6r9PeWUvX1GWQlYM889PjOzdr07HbMNJGlMPaw2r7ewC1Jy0WMhQm1R6HVJVvbS0hcEj3N8lo5X5bXOaHkk5kBoloJzd05E03pKo0hmXTJiYFXWC8OL6BKvdzPwD94wRkKgISdRkXRsyF6j_x073ky6IuNKkL1ybbTrp2eKe9_HUC7oQ",
            "type": "text"
          },
          {
            "key": "Content-Type",
            "name": "Content-Type",
            "value": "application/json",
            "type": "text"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{ BootstrapToken : \"Content of BootstrapToken\", MyData:\"My data to session\" }"
        },
        "url": {
          "raw": "http://localhost:54039/api/Session/ValidateRequest",
          "protocol": "http",
          "host": [ "localhost" ],
          "port": "54039",
          "path": [ "api", "Session", "ValidateRequest" ]
        }
      },
      "response": []
    }
  ]
}