LogoLogo
  • Introduction
  • Getting Started
  • SenseCrypt Server
    • Starting the server
    • Configuration
    • Licensing and Authorization
    • Using the Swagger Docs page
    • Authorization
    • Using a JWT Token for Mobile Authorization
    • Getting information about your license
    • SenseCrypt eID
      • Generating your first SensePrint eID QR
      • Generating a raw SensePrint
      • Decrypting a raw SensePrint
      • Parsing a SensePrint
    • SenseCrypt Face PKI
      • Configuration
      • Accessing your Root Certificate
      • Generate your first Face Certificate
      • Verifying a Face Certificate
      • Encrypting Data/Keys using a Face Certificate
      • Face Decrypting Data/Keys
      • Face Signing
      • Face Signature Verification
    • Accessing the server for testing
    • Liveness Image Requirements
  • SenseCrypt Mobile SDKs
    • Licensing
    • Authorization for Online SDKs
    • Liveness and Face Capture
    • Android SDK
    • iOS SDK
  • Conclusion
  • FAQ & Search
  • Appendix
    • Privacy Preserving Biometric Verifiability
    • Principles of Privacy Preserving Face Verification
    • Foundational vs Functional eID
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. SenseCrypt Server

Using a JWT Token for Mobile Authorization

Implement your own authorization mechanism for API access for online mobile SDKs

PreviousAuthorizationNextGetting information about your license

Was this helpful?

While the value of mobile_api_key you set in your secrets.json in the section provides a convenient way of authorizing requests to the server for mobile SDKs, at some point you might need to authorize users based on your own needs before they can access the SenseCrypt server APIs.

In another scenario, you might not wish to expose your mobile_api_key as a hard coded configuration parameter in your code and, instead, would prefer to authorize user's based on your own needs.

A JSON Web Token (JWT) provides a convenient mechanism to address these scenarios.

In the example below, it is assumed you have already authorized yourself using you api_key as was shown in the .

To generate a JWT, expand the /gen-jwt section and then click the Try it out button as shown below:

This will enable the following data to be editable:

{
  "instance_id": "123445"
}

If you need a generic JWT which is not bound to a device, you can use an empty body as shown below.

While this will work, it is recommended that you generate tokens for specific devices for better security.

{
}

The API call returns the JWT token. Now you can initialize the online mobile SDKs with the value Bearer your_jwt_token instead of using the mobile_api_key for auth.

For better security, you can also change the value of jwt_secret to some value that only you know.

The instance_id can be used to (the mobile SDKs provide a mechanism to get the ID for a device, this device ID should be used as a value for the instance_id parameter).

By default the lifetime of JWT tokens is 5 mins. You can by changing the configured value of jwt_expire_seconds in your server's configuration.

generate JWT tokens for a particular mobile device
change this
Configuration
previous section
Generating a JWT token