POC - @Pratik Jain @Abhinav Jha

Objective: Auth required from internal/external systems to integrate Ask SDK / Web Package

JWT for client auth:

The tenant is supposed to generate a JWT for a user, signed with client_secret (client_secret will be provided by ASK service), assuming the user is authenticated at the tenant end.

Note: Ask Service will share the (client_id, client_secret) pair for the host service beforehand.

JWT payload schema:

{
	"user_profile_id":  // user identifier (integer, string) <**required**>
	"platform":         // platform from which the request is being made <**required**>
	"klass":            // grade/class of student <**required**>
	"client_name": ""   // for analytics purposes, useful if different apps use the same client_id <not necessary>
	"name": ""          // user's name, not a mandatory field
}

Tenant needs to pass the client_id and generated user JWT to the Ask SDK or Web package. Data required from the tenant:

  1. Client id
  2. JWT

Response format:

{
	"data": {
		"client_id": "<your-client-id-here>",
		"token": "<your-JWT-token-here>"
	},
	"status": "success",
	"status_code": 200,
	"message": "",
	"error_code": ""
}

Python snippet for JWT generation and validation:

  1. Token generation

import jwt

client_secret = "<client-secret>"  # will be shared by ASK service

token_payload = {
    "user_profile_id": "<user-profile-id>",
    "platform": "<platform>",
    "klass": "<grade>",
}

# Sign the payload with the shared secret using HMAC-SHA256
token = jwt.encode(payload=token_payload, key=client_secret, algorithm="HS256")
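
  2. Token validation

import jwt

options = {
    "verify_signature": True,
    # PyJWT checks expiry only when the token carries an "exp" claim
    "verify_exp": True,
}

# Pin the accepted algorithm to HS256; raises a jwt exception on failure
claims = jwt.decode(jwt=token, key=client_secret, algorithms=["HS256"], options=options)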
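
The checks the validating side needs for the scheme above, as an added example (not code from the ASK service or from PyJWT). It uses only the Python standard library so each check is visible; the function names, the sample client_id and secret are constructed, and requiring an exp claim is an assumption, since the payload schema does not list one.

```python
import base64, hashlib, hmac, json, time

REQUIRED_CLAIMS = ("user_profile_id", "platform", "klass")  # required fields in the schema

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def sign_hs256(claims: dict, secret: str, header: dict = None) -> str:
    """Tenant side: compact HS256 JWT, the same format jwt.encode produces."""
    header = header or {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def validate_tenant_token(client_id: str, token: str, secrets: dict, now: float = None) -> dict:
    """Service side: return the claims, or raise ValueError naming the failed check."""
    secret = secrets.get(client_id)  # the secret is selected by client_id, not by the token
    if secret is None:
        raise ValueError("unknown client_id")
    header_b64, payload_b64, sig_b64 = token.split(".")  # ValueError unless 3 segments
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm on the server; the token header must not choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):  # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))  # parsed only after the MAC checks out
    if not isinstance(claims, dict):
        raise ValueError("payload is not an object")
    missing = [c for c in REQUIRED_CLAIMS if claims.get(c) in (None, "")]
    if missing:
        raise ValueError("missing claims: " + ", ".join(missing))
    exp = claims.get("exp")  # assumption: tenants must set an expiry
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("missing or expired exp")
    return claims

# Constructed sample data, not real credentials.
SECRETS = {"demo-client": "demo-secret-not-real"}
GOOD = sign_hs256({"user_profile_id": "42", "platform": "web", "klass": "8", "exp": 2000},
                  SECRETS["demo-client"])
```

With PyJWT, the same missing-claim behaviour is obtained by adding "require": ["exp", "user_profile_id", "platform", "klass"] to the options passed to jwt.decode.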