JWT token configuration

digimip09
Posts: 7
Joined: Tue Nov 17, 2020 1:05 pm

JWT token configuration

Post by digimip09 » Wed Nov 18, 2020 9:24 am

Hello,

I have installed OnlyOffice Document Server (OnlyOffice Docs) on Windows and run Java Example with these instructions : https://api.onlyoffice.com/editors/example/java.

I would like to enable JWT token on my Document Server, so I modified my "local.json" file as shown below :

"token": {
    "enable": {
        "request": {
            "inbox": true,
            "outbox": true
        },
        "browser": true
    },
    "inbox": {
        "header": "Authorization"
    },
    "outbox": {
        "header": "Authorization"
    }
},
"secret": {
    "inbox": {
        "string": "my_secret"
    },
    "outbox": {
        "string": "my_secret"
    },
    "session": {
        "string": "my_secret"
    }
}

But I don't know what to do next... Do I need to set the token value ? Or can I already see it somewhere ?

Thanks in advance for your answers :)

Carl
Posts: 570
Joined: Thu Apr 12, 2018 10:00 am

Re: JWT token configuration

Post by Carl » Fri Dec 04, 2020 1:30 pm

Hello digimip09,

Sorry for the delayed reply.

Document Server forms the token automatically when sending messages to the callback handler. You can see examples here (Outgoing Requests section):
https://api.onlyoffice.com/editors/signature/request

Note: you also need to enable JWT in the example app:
https://github.com/ONLYOFFICE/document- ... erties#L13

digimip09
Posts: 7
Joined: Tue Nov 17, 2020 1:05 pm

Re: JWT token configuration

Post by digimip09 » Tue Dec 08, 2020 9:53 am

Hello Carl,

Thank you for your response. I enabled the token in my example app.

But after that, I can upload a file to my Document server via HTTP POST without any token given as parameter. This way, anyone can send requests to the Document Server (am I right ?), but I would like to avoid this... Is it possible ?

I read this part of the documentation about token in request body: https://api.onlyoffice.com/editors/signature/body

But I don't know how to retrieve the token ?

Carl
Posts: 570
Joined: Thu Apr 12, 2018 10:00 am

Re: JWT token configuration

Post by Carl » Fri Dec 11, 2020 2:56 pm

Hello digimip09,

You also need to enable JWT on Document Server side as well. If it is enabled, you won't be able to send any POST request to DS or open any document without a token.

You may start with enabling JWT in header:
https://api.onlyoffice.com/editors/signature/

Note that you need to restart all DS services for the config changes to take effect.

digimip09
Posts: 7
Joined: Tue Nov 17, 2020 1:05 pm

Re: JWT token configuration

Post by digimip09 » Tue Dec 15, 2020 7:24 am

Hello Carl,

I've modified my "local.json" file (as you can see below). And I restarted all DS services but I still can't see the token in the requests...

{
    "services": {
        "CoAuthoring": {
            "sql": {
                "dbHost": "localhost",
                "dbUser": "onlyoffice",
                "dbPass": "onlyoffice",
                "dbName": "onlyoffice"
            },
            "redis": {},
            "server": {
                "port": "8000"
            },
            "utils": {
                "utils_common_fontdir": "C:/Windows/Fonts"
            },
            "token": {
                "enable": {
                    "request": {
                        "inbox": true,
                        "outbox": true
                    },
                    "browser": true
                },
                "inbox": {
                    "header": "Authorization"
                },
                "outbox": {
                    "header": "Authorization"
                }
            },
            "secret": {
                "inbox": {
                    "string": "my_secret"
                },
                "outbox": {
                    "string": "my_secret"
                },
                "session": {
                    "string": "my_secret"
                }
            }
        },
        "SpellChecker": {
            "server": {
                "port": "8080"
            }
        }
    },
    "rabbitmq": {
        "url": "amqp://guest:guest@localhost"
    },
    "license": {
        "license_file": "C:/ProgramData/ONLYOFFICE/Data/license.lic"
    }
}

I'm probably missing something :/

Carl
Posts: 570
Joined: Thu Apr 12, 2018 10:00 am

Re: JWT token configuration

Post by Carl » Tue Dec 15, 2020 10:53 am

Hello digimip09,

When JWT is enabled, requests from DS to callback handler are signed with token. Please see examples here:
https://api.onlyoffice.com/editors/sign ... 20requests
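
Added example (not part of the thread and not ONLYOFFICE's own code): the token is not retrieved from anywhere; each side computes it by signing the request data with the shared secret from local.json, and the receiver recomputes the signature to check it. The sketch assumes HS256 and a "Bearer " prefix in the Authorization header; the function names and the sample callback body are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = "my_secret"  # placeholder value from the thread's local.json

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: str) -> str:
    """Integrator side: build the JWT to send with a request to Document Server."""
    parts = [{"alg": "HS256", "typ": "JWT"}, claims]
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify_hs256(token: str, secret: str) -> dict:
    """Callback-handler side: return the claims, or raise ValueError."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token's own header choose it ("none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret.encode(), f"{header_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

def token_from_header(value: str) -> str:
    """Extract the token from a 'Bearer <token>' header value (assumed prefix)."""
    scheme, _, token = value.partition(" ")
    if scheme != "Bearer" or not token:
        raise ValueError("missing bearer token")
    return token

# Constructed sample callback body; field values are illustrative only.
SAMPLE_CALLBACK = {"key": "constructed-doc-key", "status": 2,
                   "url": "https://docs.example.invalid/cache/output.docx"}
```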
