Add jwt-parser function v1.0.0 for JWT token parsing in SonataFlow #4
Conversation
|
@ishanjogi89 The function catalog applies to Serverless Workflow 1.x.x and above, but it looks like you’re mixing versions in your function. Also, the function should be calling a task internally, whereas yours is calling itself—which obviously won’t work. To fix this, your function should actually be a set task that assigns a claims property using a jq expression to extract the claims from the token provided as input. |
|
Thank you for the feedback, @cdavernas ! You're absolutely right about the version mismatch and recursive call issue. I've updated the function specification to:
The function now properly decodes JWT tokens using pure jq expressions and can extract specific claims as requested. |
Signed-off-by: Ishan Jogi <[email protected]>
… `dsl: 1.0.0-alpha1`
2. **Replace the recursive call** with a proper `set` task using jq expressions
3. **Implement JWT decoding with jq**: The function now uses `split(".")[1] | @base64d | fromjson` to decode the JWT payload
4. **Add optional claim extraction** via `claimPath` parameter using jq path navigation
Signed-off-by: Ishan Jogi <[email protected]>
Signed-off-by: Ishan Jogi <[email protected]>
Signed-off-by: Ishan Jogi <[email protected]>
Signed-off-by: Ishan Jogi <[email protected]> Signed-off-by: Ishan Jogi <[email protected]>
ishanjogi89
force-pushed
the
FLPATH-2212
branch
from
70e84fd to
993778a
Compare
functions/jwt-parser/1.0.0/README.md
Outdated
| version: 1.0.0 | ||
| do: | ||
| - decodeJWT: | ||
| use: jwt-parser |
There was a problem hiding this comment.
That should actually be call 😉
functions/jwt-parser/1.0.0/README.md
Outdated
| version: 1.0.0 | ||
| do: | ||
| - extractSubject: | ||
| use: jwt-parser |
functions/jwt-parser/1.0.0/README.md
Outdated
| claimPath: ".sub" | ||
| # Returns: { claims: {...}, result: "user-id-123" } | ||
| - extractNestedClaim: | ||
| use: jwt-parser |
functions/jwt-parser/1.0.0/README.md
Outdated
| version: 1.0.0 | ||
| do: | ||
| - parseRawToken: | ||
| use: jwt-parser |
functions/jwt-parser/1.0.0/README.md
Outdated
| with: | ||
| token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.signature" | ||
| - parseBearerToken: | ||
| use: jwt-parser |
| document: | ||
| type: object | ||
| description: The parsed JWT payload or extracted claim as a JSON object | ||
| use: set |
There was a problem hiding this comment.
use is not part of SW 1.0.0, in that context. You can remove it 😉
|
@ishanjogi89 Don't you think it would be better if the function returned either an array containing the extracted claims, when |
|
@JBBianchi @ricardozanini would you be so kind to review the proposal? |
There was a problem hiding this comment.
@ishanjogi89 Thanks for the contribution. This is interesting.
I think a JWT parser can find some useful use cases to many implementations out there.
You mentioned SonataFlow in your PR description. I'm a maintainer of this project, and we are not currently working on upgrading the runtime engine to SWF 1.0.0.
I don't think this function will help you achieve what you need on the implementation side. Unfortunately, version 0.8 has many limitations - one of the reasons why we upgraded the spec.
However, you can add an extension as a custom function to the SonataFlow engine here: https://github.com/apache/incubator-kie-kogito-runtimes/tree/main/kogito-serverless-workflow.
Regarding the PR, once @cdavernas' comments are handled, it should be fine. Great addition, thanks again!
Signed-off-by: Ishan Jogi <[email protected]>
ishanjogi89
force-pushed
the
FLPATH-2212
branch
from
4ac0ef5 to
ad8c9fa
Compare
Thanks @ricardozanini for the clarification! You're absolutely right about SonataFlow's current SW 0.8 status. We actually built this with a dual approach:
The catalog entry serves the broader Serverless Workflow community and will be ready when SonataFlow eventually upgrades to SW 1.x. Thanks for the guidance on the custom extension approach - that's exactly what we implemented here : apache/incubator-kie-kogito-runtimes#4021 |
Pull Request Template
Thank you for your contribution to the Serverless Workflow Catalog! To help us review and merge your pull request, please provide the following information:
Description
Briefly describe the changes made in this pull request:
This PR adds a new JWT token parsing function to the SonataFlow functions catalog. The function enables workflows to parse JWT tokens and extract user claims for personalized workflow responses, supporting the implementation of apache/incubator-kie-issues#1899.
Related Issues
Link to related issues or tasks:
Type of Change
Please check the type of change your pull request introduces:
Function/Version Affected
Specify the function and version affected by this pull request (if applicable):
Implementation Details
Provide a summary of the implementation details:
New Features:
parse,extractUser,extractClaim$WORKFLOW.headersBug Fixes: N/A
Changes to Existing Functions: N/A
Dependencies Added:
jwt-parsercustom function type in SonataFlow runtimeAdditional Information
Provide any additional information or context related to this pull request:
This function specification supports the exact use case described in apache/incubator-kie-issues#1899, where workflows need to extract user information from JWT tokens for personalized responses.
Example usage from the issue:
{ "functions": [ { "name": "extractUser", "type": "custom", "operation": "jwt-parser:extractUser" } ], "states": [ { "name": "extractUserName", "actions": [ { "functionRef": { "refName": "extractUser", "arguments": { "token": "${ $WORKFLOW.headers.\"X-Authorization-acme_financial_auth\" }" } } } ] } ] }The function is implemented as a Quarkus addon in the SonataFlow runtime and this catalog entry provides the standard specification for its usage.
Checklist
Please ensure your pull request meets the following criteria:
Thank you for contributing to the Serverless Workflow Catalog! Your efforts are greatly appreciated.