API JWT Private Key and authorisation steps

Hello everyone, I have been assigned the task of integrating Passbolt with another workflow system.
The token acquisition process is new to me.

  1. But to create a challenge, do I provide the user ID from the Passbolt system? Can I ask the administrator for it, for example?

  2. Then, on my side, I generate a private and public key (this is not generated in Passbolt), and then I can ask the administrator to link the public key to the Passbolt account?

  3. In the next steps, I sign the challenge with my private key and encrypt it with the public key of the passbolt /auth/verify.json server.

  4. Question: what does this service return, to which key? auth/jwt/jwks.json

I would be very grateful for your answers.
Best regards!

G’day Adam.

You will need to create a challenge with your user ID and you will need a local copy of your private key.
(Your user_id is visible in the URL when you select your user in the Users & Groups admin page, or a bunch of other ways)

The act of creating your user will require you to either use the Browser Extension to create a keypair, or you provide a key you already generated to the Browser Extension as part of the user onboarding. Definitely don’t skip the user creation step and think you’ll create a user via mariadb, as that way madness lies.
i.e. https://github.com/gyaresu/gareth-passbolt/blob/main/scripts/gpg/generate-demo-keys.sh

This JWT Auth documentation link is currently not indexed in the passbolt menu, but it’s public so I’ll link it.
https://www.passbolt.com/docs/development/authentication/

This is the minimum JWT Auth example from my personal testing repo, for learning how to handle the API.
https://github.com/gyaresu/passbolt-api-tools/blob/main/jwt_auth_minimum_example.py

Happy to answer any questions you have.

Cheers
Gareth
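To make the steps above concrete, here is an added example (not Gareth's script, not passbolt's own code) of the client-side pieces that sit around the PGP step: building the challenge that goes into /auth/jwt/login.json, binding the decrypted reply back to that challenge, and checking the returned access token against the RSA key published at /auth/jwt/jwks.json. The message shapes, the "1.0.0" version string and the RS256 algorithm are assumptions taken from the passbolt JWT auth docs linked above; the OpenPGP sign/encrypt/decrypt calls are left to whatever PGP library you use, and the RSA key at the bottom is a demo key standing in for the server's JWT signing key so the block runs offline.

```python
"""Client-side pieces of the passbolt JWT login, standard library only (added example).
Assumed shapes (from the passbolt JWT auth docs; check them against your server):
  challenge cleartext for POST /auth/jwt/login.json: version, domain, verify_token, verify_token_expiry
  decrypted reply (body.challenge): version, domain, verify_token, access_token, refresh_token
  GET /auth/jwt/jwks.json: {"body": {"keys": [<RSA JWK>, ...]}}
The OpenPGP sign/encrypt/decrypt calls belong to your PGP library and are not shown."""
import base64, hashlib, hmac, json, random, time, uuid

def b64u_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def build_challenge(domain, ttl=300, now=None):
    """Fresh random verify_token plus a short expiry; keep the dict to bind the reply."""
    now = time.time() if now is None else now
    return {"version": "1.0.0", "domain": domain,
            "verify_token": str(uuid.uuid4()), "verify_token_expiry": int(now + ttl)}

def check_login_reply(challenge, reply, now=None):
    """Accept the decrypted reply only if it answers the exact challenge we sent."""
    now = time.time() if now is None else now
    if reply.get("domain") != challenge["domain"]:
        raise ValueError("domain mismatch: reply is for a different server")
    if reply.get("verify_token") != challenge["verify_token"]:
        raise ValueError("verify_token mismatch: replayed or foreign reply")
    if now > challenge["verify_token_expiry"]:
        raise ValueError("challenge expired before the reply arrived")
    return {"access_token": reply["access_token"], "refresh_token": reply["refresh_token"]}

# --- RS256 check of the access token against the JWKS document -----------------
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _emsa_pkcs1_v15(msg, k):
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_jwt_rs256(token, jwks, now=None):
    """Verify the signature with the matching RSA JWK, then exp; return the claims."""
    now = time.time() if now is None else now
    h_b64, p_b64, s_b64 = token.split(".")
    header = json.loads(b64u_decode(h_b64))
    if header.get("alg") != "RS256":      # pin the algorithm, never trust the token's alg
        raise ValueError("unexpected alg %r" % header.get("alg"))
    cands = [j for j in jwks["body"]["keys"] if j.get("kty") == "RSA"
             and ("kid" not in header or j.get("kid") == header["kid"])]
    if len(cands) != 1:
        raise ValueError("no unique matching RSA key in JWKS")
    n = int.from_bytes(b64u_decode(cands[0]["n"]), "big")
    e = int.from_bytes(b64u_decode(cands[0]["e"]), "big")
    k = (n.bit_length() + 7) // 8
    sig = int.from_bytes(b64u_decode(s_b64), "big")
    em = pow(sig, e, n).to_bytes(k, "big")  # compare the whole encoded message, not just the hash
    if sig >= n or not hmac.compare_digest(em, _emsa_pkcs1_v15(f"{h_b64}.{p_b64}".encode(), k)):
        raise ValueError("bad signature")
    claims = json.loads(b64u_decode(p_b64))
    if now >= claims.get("exp", 0):
        raise ValueError("access token expired")
    return claims

# --- Demo-only RSA key and signer standing in for the server's JWT key (offline) --
def _is_probable_prime(n, rng, rounds=16):
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _rand_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c, rng):
            return c

def demo_keypair(bits=1024, seed=1):
    """Returns (public JWK as jwks.json would publish it, (n, d) private part)."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _rand_prime(bits // 2, rng), _rand_prime(bits // 2, rng)
        if (p - 1) % e and (q - 1) % e:   # e must be invertible mod phi(n)
            break
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))   # Python 3.8+; demo key only
    jwk = {"kty": "RSA", "alg": "RS256", "kid": "demo",
           "n": b64u_encode(n.to_bytes((n.bit_length() + 7) // 8, "big")),
           "e": b64u_encode(e.to_bytes(3, "big"))}
    return jwk, (n, d)

def demo_sign_rs256(claims, priv, kid="demo"):
    n, d = priv
    k = (n.bit_length() + 7) // 8
    h = b64u_encode(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode())
    p = b64u_encode(json.dumps(claims).encode())
    em = int.from_bytes(_emsa_pkcs1_v15(f"{h}.{p}".encode(), k), "big")
    return f"{h}.{p}." + b64u_encode(pow(em, d, n).to_bytes(k, "big"))
```

In a real client you would PGP-sign `json.dumps(build_challenge(domain))` with your private key, encrypt it to the key from /auth/verify.json, POST it with your user_id, decrypt `body.challenge` from the response with your private key, and only then call `check_login_reply` and `verify_jwt_rs256` with the JWKS fetched from /auth/jwt/jwks.json. The two checks are what stop a relayed or replayed reply from handing you someone else's session: the verify_token ties the reply to the challenge you generated, and the signature check ties the access token to the server key rather than to whatever `alg` the token claims.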

Thank you very much for the information.

So, if I understand correctly, the administrator (because they have access to Passbolt) creates an account and uses a browser plugin to generate a private and public user key?
Then they give it to me as a developer so that I can use it to encrypt the challenge, right?
I apologise for asking so many questions, but this is a new topic for me and my biggest problem is where to get this private key.

Best regards.


Hello @Adam_Krol, please don’t be sorry and don’t hesitate to ask as many questions as needed.

So, actually, if you don’t have any access to passbolt itself, yes, you could ask any administrator to create an account for you. What I’d recommend, though, is that you perform the user registration yourself so you are the possessor of your private key/passphrase. You can decide to let the browser extension generate the key for you or import yours.

I also wrote this markdown, maybe this could help.
