session.jwt.create
The session.jwt.create command creates a new JSON Web Token (JWT) based on information provided in the command.
It can be used to generate a token that has access to one or more things utilizing a role that has been previously defined in the system. For more information about JWT, see https://jwt.io/.
TR50 Request
{
  "cmd": {
    "command": "session.jwt.create",
    "params": {
      "whoami": "my_user@my_domain.com",
      "role": "viewonly",
      "thingKeys": ["thingKey1", "thingKey2"],
      "thingIds": ["53398c17d15a702a78000003"],
      "viewTags": ["viewtag1"],
      "updateTags": ["updatetag1"]
    }
  }
}
Request Parameters
Name | Type | Required | Description |
---|---|---|---|
whoami | String | Yes | Identifies who the JWT is being issued to. This value is visible as the "WhoAmI" field in the API logs, with a prefix of "jwt:", for auditing purposes. |
role | String | Yes | The key of a role previously defined in the system. The command permissions and security tags of this role are applied to all commands sent via the JWT. |
thingKeys | String array | No | An array of thing keys. If specified, the JWT is restricted to acting on the specified things and has no access to any other things.* |
thingIds | ObjectId array | No | An array of thing IDs. If specified, the JWT is restricted to acting on the specified things and has no access to any other things.* |
viewTags | String array | No | An array of security tags. If specified, the JWT is restricted to viewing objects based on the specified security tags.** |
updateTags | String array | No | An array of security tags. If specified, the JWT is restricted to viewing or updating objects based on the specified security tags.** |
ttl | Integer | No | The TTL for the JWT, in seconds. The default is 1 hour and the maximum is 24 hours. |
\* The lists of thing keys and thing IDs are concatenated, so both arrays (or neither) can be used. If neither thingKeys nor thingIds is specified, the JWT has full access based on its associated role.
\*\* If security tags are specified for the JWT, they override any security tags specified in the role, meaning the security tags on the role are ignored.
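The scoping rules above can be checked before a request is sent. The following Python is an added example, not code from the platform or its documentation; the function name `review_jwt_request`, the treatment of empty arrays as unspecified, and the lower bound of 1 second on ttl are assumptions.

```python
MAX_TTL = 24 * 60 * 60   # maximum ttl from the parameter table, in seconds
DEFAULT_TTL = 60 * 60    # default ttl from the parameter table, in seconds

def review_jwt_request(request):
    """Validate a session.jwt.create request; return the scope it asks for."""
    cmd = request.get("cmd", {})
    if cmd.get("command") != "session.jwt.create":
        raise ValueError("not a session.jwt.create command")
    p = cmd.get("params", {})
    for name in ("whoami", "role"):  # the two required parameters
        if not isinstance(p.get(name), str) or not p[name]:
            raise ValueError(f"missing required parameter: {name}")
    ttl = p.get("ttl", DEFAULT_TTL)
    # Assumption: ttl must be at least 1 second; the page only gives the maximum.
    if isinstance(ttl, bool) or not isinstance(ttl, int) or not 0 < ttl <= MAX_TTL:
        raise ValueError(f"ttl must be an integer from 1 to {MAX_TTL} seconds")
    # thingKeys and thingIds are concatenated into one list of allowed things.
    # Assumption: an empty array is treated the same as an omitted one.
    things = list(p.get("thingKeys") or []) + list(p.get("thingIds") or [])
    view_tags = list(p.get("viewTags") or [])
    update_tags = list(p.get("updateTags") or [])
    findings = []
    if not things:
        findings.append("no thingKeys/thingIds: full access based on the role")
    if view_tags or update_tags:
        findings.append("security tags set: tags on the role are ignored")
    return {
        "logged_as": "jwt:" + p["whoami"],  # WhoAmI value in the API logs
        "role": p["role"],
        "things": things,
        "view_tags": view_tags,
        "update_tags": update_tags,
        "ttl": ttl,
        "findings": findings,
    }

# Constructed sample requests: one scoped like the page's example, one broad.
SCOPED = {"cmd": {"command": "session.jwt.create", "params": {
    "whoami": "my_user@my_domain.com", "role": "viewonly",
    "thingKeys": ["thingKey1", "thingKey2"],
    "thingIds": ["53398c17d15a702a78000003"],
    "viewTags": ["viewtag1"], "ttl": 900}}}
BROAD = {"cmd": {"command": "session.jwt.create", "params": {
    "whoami": "batch-job", "role": "viewonly"}}}

if __name__ == "__main__":
    for req in (SCOPED, BROAD):
        print(review_jwt_request(req))
```

A non-empty `findings` list is a prompt to confirm that the breadth of the token is intended, not an error.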
TR50 Response
If the command is sent successfully, a success message and params list are returned. Otherwise, an error and error message are returned.
{
  "cmd": {
    "success": true,
    "params": {
      "token": "5iOiJIUzI1Ni.......IsInR5cCI6Ik"
    }
  }
}
Response Parameters
Response results will differ between a user-based session and an application-based session.
Name | Type | Description |
---|---|---|
token | String | The JWT generated by the system. |