Nodejs rest api server + lucee scripts

Hi,

I have a Node.js REST API server that requires express and other modules. It’s up and running, and it needs to interact with CF scripts on Lucee.

My OS environment is Ubuntu 18.04, and yes, I have the Lucee Docker image installed and it’s working.

Question/problem: upon successful login, the API server would create a JWT token. How do we keep the token persistent so that when a subsequent CF script calls the REST API server again for a specific router, it would use the same token again (to keep the state)?

Should I post some code here for further clarity?

Thanks.

So you want to use JWT tokens for server-to-server communication?
You can add an expiry date in the JWT payload and check against it, so you could create a new token for every request, or every time the existing one has expired.
But I’m not sure what exactly you want…
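The expiry check suggested in the reply above, as an added example that is not part of the original thread and not the poster's server code: an HS256 token carrying `exp`, verified signature-first on the API side using only Node's built-in `crypto`. `SECRET`, `issueToken`, `verifyToken` and `tokenFromHeader` are hypothetical names, and the secret and timestamps are constructed sample values.

```javascript
const crypto = require("crypto");

// Assumption: shared HMAC key; constructed value, load from configuration in practice.
const SECRET = "constructed-demo-secret";
const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

// Issue a token whose payload carries iat/exp in seconds since the epoch.
function issueToken(claims, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const sig = hmac(`${header}.${payload}`).toString("base64url");
  return `${header}.${payload}.${sig}`;
}

// Verify the signature first, then the expiry. Returns { ok, reason?, claims? }.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, payload, sig] = parts;
  const expected = hmac(`${header}.${payload}`);
  const given = Buffer.from(sig, "base64url");
  // Constant-time comparison; the length check avoids a throw in timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  let claims;
  try {
    const hdr = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    if (hdr.alg !== "HS256") return { ok: false, reason: "unexpected alg" };
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // A token without a numeric exp is treated as expired rather than as valid forever.
  if (typeof claims.exp !== "number" || now >= claims.exp) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, claims };
}

// Extract the token from an "Authorization: Bearer <token>" header value.
function tokenFromHeader(value) {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(value || "");
  return m ? m[1] : null;
}
```

When `verifyToken` reports `expired`, the caller logs in again to obtain a fresh token instead of reusing the old one.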

Yeah, David, your understanding is correct. I’m trying the other approach of passing the token via header. cfhttp does not seem to work with this particular REST API server, so I’m using cfexecute, with which I had limited success before. Too bad: this morning, when I attempted to roll everything out with multiple cfexecute calls, none seemed able to call the REST API server. I’ll look further.

Thanks for the idea.

Here’s more info.

nodejs-base rest api server
at route, /users

// create token upon correct login

// redirect to lucee script for next action

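// The Referer header may be absent; default to "" so includes() cannot throw
const ref = req.header("referer") || "";
if (ref.includes('login.html')) {
    // the token travels in the query string to the Lucee page
    res.redirect("http://localhost:8888/page2.cfm?token=" + token);
}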

at page2.cfm (lucee action 1 )

<form method="post"
action="page3.cfm?timeout=500&token=#urlencodedformat(URL.token)#">
...
</form>

at page3.cfm (lucee action 2 )

<cfexecute name='curl -s -X POST http://{myIPaddress}:4000/channels
-H "authorization: Bearer #URL.token#" 
-H "content-type:application/json" 
-d "otherParamNvalues" ' timeout="90">
</cfexecute>

lucee responses at page3:

SyntaxError: Unexpected token c in JSON at position 3
at JSON.parse ()
at parse (/home/dlit/samples/balance-transfer/node_modules/body-parser/lib/types/json.js:89:19)

SyntaxError: Unexpected token p in JSON at position 3
at JSON.parse ()
at parse (/home/dlit/samples/balance-transfer/node_modules/body-parser/lib/types/json.js:89:19)


It seems that somewhere the token was not passed correctly.
If such an assessment is correct, which step messed up the token?

Additional info:
I’ve run the process at page3 as a Unix/Linux/Ubuntu shell script, and that works fine.

Thanks.

You urlencode the token, which could be a problem.
Try to use a hidden input field. 🙂

Prior to urlencoding the URL, I didn’t. Also, before that, I used a hidden field. It seems the problem lies on the REST API server side. I appreciate the note, though.

It’s possible my box has been compromised, because now a shell script caller no longer works, but it worked before.

Not sure if this helps, but I would be using cfhttp instead of cfexecute to make your post request, like so:

var otherParamValues = {
    "string_one": "value_one",
    "anArray": [{"thisisakey": "in a struct"}]
};

var http = new http(argumentCollection={
    "method": "post",
    "timeout": 90
});

http.setURL("http://{myIPaddress}:4000/channels");
http.addParam(type="header", name="Authorization", value="Bearer #url.token#");
http.addParam(type="header", name="content-type", value="application/json");
http.addParam(type="body", value=serializeJSON(otherParamValues));
var httpResult = http.send().getPrefix();
dump(var=httpResult);

However, I’m not sure you should be url encoding your token. If you do, and it’s not working, perhaps you could try to use it after calling urlDecode(url.token), and as David indicated, perhaps adding it to a hidden field would be better, though equally insecure. I assume your token expires quickly.

Alternatively, you could generate a new token, which is a little more work on the CF end of things, but isn’t too much work. I’ve used this one: GitHub - jsteinshouer/cf-jwt-simple: CFML component for encoding and decoding JSON Web Tokens (JWT) and it took me about an hour to get it working. Feel free to hit me up if you need some code.

@Redtopia thanks for the note. Yes, I’ve tried cfhttp before, but it failed to connect to the Node.js-based REST API server, so I switched to cfexecute. I will give it another shot using the format you suggested.

The back-end system had some critical issues in the last few days. I managed to get it to work just now, so I’m again in a position to test it with Lucee. I will do so and will update you folks in the next day or so.

Much appreciated.
