Hi Everyone,
Is it possible to provide and use additional libraries with the custom enrichment of the JS?
We need to parse the JWT token(preferably using a JWT lib) from the headers to extract user and authentication details.
I am currently using a JS script, But I don’t see an option to add custom libraries to it.
Thank you.
It’s possible - but you’d need to make sure that the functions / objects you are referencing are bundled into the same single file.
It will depend a lot on the library you choose. It’d have to be something that works in pretty much pure JS, without relying on native nodejs libraries or modern browser APIs (which is probably pretty common for crypto).
There is technically a load() function for loading modules, but I’m not sure where it would map to in the file system for the enricher (you can maybe do some experiments with print(__DIR__)?).
So potentially easier/more reliable to use a bundler (e.g. rollup) to preprocess your file and embed everything into the one file (IIFE output).
If you don’t need the actual HMAC verification you might have an easier time just splitting the JWT and base64 decoding the payload with the assumption it’s valid. Maybe store the signature/header for verification at a later stage (though it may be hard to reconstruct the input identically to verify).
I don’t think you have atob but you should be able to base64 decode quite easily with a library, reaching into the Java standard library, or a simple custom implementation.
Thank you @jethron
Yes decoding a base64 encoded JWT is straight forward and doesn’t require any additional lib.
It’s the verification with an an external token makes it more challenging.
But I think I can try around with the custom implementations or somehow try to get the minified JS from CDN for the JWT lib.
I think I have also discovered that, java dependencies are available for script to use. So in that, I can try building a custom image with a Java JWT dependencies and then try to use that to verify.
Though all of these solutions are mostly assumptions. But let me try.