udaychy / Dnn.AuthServices.Jwt

More Secure version of DNN JWT Auth Service

getting the JWT token without sending login credential #1

Open Behnam-Emamian opened 6 years ago

Behnam-Emamian commented 6 years ago

Let's check my scenario.

I want to add an SPA to DNN (it has been developed with React.js, for example).

I just need to have a JWT token. I don't want to send the user name and password as plain-text login credentials or Basic Authentication, because the current user has already been authenticated in DNN and I just need to have a token for it.

With this technique we can have a stand-alone web API in ASP.NET Core 2.0 (using cool features like OData) and just use DNN AAA ;-)

What do you think?

  1. Can we add this feature to your changes?
  2. Did you make a pull request for your changes to the DNN source?

Best regards, Ben

udaychy commented 6 years ago

Hi Ben, sorry for the delayed response. I looked into your request today.

I understand your scenario: somehow the current user has been authenticated in DNN and a JWT can be generated for this user on the server side, but how would the client side know about its JWT? The client side needs to show something to the server side to claim its JWT for the first time. From the second request onward, the client can use that JWT as its identity, but for the first request it does NOT have a JWT, so it has to show something else, like login credentials, to get that JWT.

If you came up with other approaches for your scenario then please let me know.

Best regards, Uday

Behnam-Emamian commented 6 years ago

There is no client side in my scenario. There are 2 server sides:

  1. DNN
  2. Micro Services

I want the microservices to be able to validate the token.

I have developed it by making a shared key between DNN and Micro Services.

udaychy commented 6 years ago

Okay. Sounds good :)