How to do workflow API authentication using JWT in Java, please help me on this. I need the required code changes for client and server side for this?

Have you already looked at Temporal Server security / Authorization?

@SergeyBykov
Yes, I have gone through this (Temporal Server security | Temporal).
But I am using the Java SDK, so I am looking for a Java library only, so I could make client/server side changes in Java only to achieve authentication.

I have found these, but all are in Go only:
[common/authorization/authorizer.go]
[common/authorization/claimMapper.go]

I have found this sample Git project to do an authorizer, but this is also in Go.

Is Java support for this a work in progress, or does something exist in some other code base/documentation?

Authorizer and ClaimMapper are server plugin interfaces, and hence the plugins need to be written in Go. Default plugins, NewDefaultJWTClaimMapper() and NewDefaultAuthorizer(), we hope, cover most of the typical authorization scenarios or, worst case, can be tweaked to fit somebody’s needs easily.

You can use Java SDK to send Bearer tokens to the server for authorization via a gRPC interceptor.
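A client-side sketch of the interceptor approach described in the reply above, as an added example that is not part of the original thread or Temporal's own code. The class names, the `TEMPORAL_JWT` environment variable and the `localhost:7233` target are assumptions, and `newServiceStubs` assumes a recent 1.x Java SDK.

```java
import io.grpc.CallOptions;
import io.grpc.Channel;
import io.grpc.ClientCall;
import io.grpc.ClientInterceptor;
import io.grpc.ForwardingClientCall;
import io.grpc.Metadata;
import io.grpc.MethodDescriptor;
import io.temporal.client.WorkflowClient;
import io.temporal.serviceclient.WorkflowServiceStubs;
import io.temporal.serviceclient.WorkflowServiceStubsOptions;
import java.util.Collections;
import java.util.function.Supplier;

public class BearerTokenClient {
  static final Metadata.Key<String> AUTHORIZATION =
      Metadata.Key.of("authorization", Metadata.ASCII_STRING_MARSHALLER);

  // Hypothetical helper: attaches "Authorization: Bearer <jwt>" to every gRPC call.
  static final class BearerTokenInterceptor implements ClientInterceptor {
    private final Supplier<String> tokenSupplier; // called per request, so refreshed tokens are used
    BearerTokenInterceptor(Supplier<String> tokenSupplier) { this.tokenSupplier = tokenSupplier; }

    @Override
    public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
        MethodDescriptor<ReqT, RespT> method, CallOptions callOptions, Channel next) {
      return new ForwardingClientCall.SimpleForwardingClientCall<ReqT, RespT>(
          next.newCall(method, callOptions)) {
        @Override
        public void start(Listener<RespT> responseListener, Metadata headers) {
          String token = tokenSupplier.get();
          if (token == null || token.isEmpty()) { // fail closed rather than call unauthenticated
            throw new IllegalStateException("no JWT available for Temporal request");
          }
          headers.put(AUTHORIZATION, "Bearer " + token);
          super.start(responseListener, headers);
        }
      };
    }
  }

  public static void main(String[] args) {
    // Assumption: the JWT is issued elsewhere and exposed via TEMPORAL_JWT; never hard-code it.
    Supplier<String> jwt = () -> System.getenv("TEMPORAL_JWT");
    WorkflowServiceStubsOptions options = WorkflowServiceStubsOptions.newBuilder()
        .setTarget("localhost:7233") // assumed frontend address; use TLS outside local testing
        .setGrpcClientInterceptors(Collections.singletonList(new BearerTokenInterceptor(jwt)))
        .build();
    WorkflowServiceStubs service = WorkflowServiceStubs.newServiceStubs(options);
    WorkflowClient client = WorkflowClient.newInstance(service);
    // Workers and workflow stubs created from this client now send the token on every call.
  }
}
```

The server validates the token through its Go-side claim mapper and authorizer, so this client change has no effect until those are enabled on the server.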

@SergeyBykov Thanks for the quick response, I have some more questions on implementing JWT based authentication.

I am using the docker image and have gone through the information provided at customization-samples/extensibility/authorizer at master · temporalio/customization-samples · GitHub.

Do we have to build our own temporal image to enable golang plugins?

We do not use Go for development; is it possible to enable authentication with some server configuration? Like some property/configuration files?

@SergeyBykov Could you please suggest a solution to my last query?
I am waiting for your response. Thanks.

In general, yes, building your own image is a more flexible way to configure Temporal server with all the available Server Options. To make cases like yours easier though, I’ll submit soon a long overdue PR for selecting noop or default authorizer and claim mapper via config settings.

I submitted a draft PR - Add config parameters for selecting authorizer and claim mapper by sergeybykov · Pull Request #1291 · temporalio/temporal · GitHub. Will work on getting it merged after we return from the long weekend.

PR has been merged.
