Before Create Token Worker Code Sample

JFrog Platform Administration Documentation

Content Type
Administration / Platform
ft:sourceType
Paligo

The following section provides a sample code for a Before Create Token worker.

export default async (context: PlatformContext, data: BeforeCreateTokenRequest): Promise<BeforeCreateTokenResponse> => {

    let status: CreateTokenStatus = CreateTokenStatus.CREATE_TOKEN_UNSPECIFIED;
    let message = 'Overwritten by worker-service if an error occurs.';

    try {
        // The in-browser HTTP client facilitates making calls to the JFrog REST APIs
        //To call an external endpoint, use 'await context.clients.axios.get("https://foo.com")'
        const res = await context.clients.platformHttp.get('/access/api/v1/config/token/default_expiry');

        // You should reach this part if the HTTP request status is successful (HTTP Status 399 or lower)
        if (res.status === 200) {
            const defaultExpiry = res.data.default_token_expiration;
            const tokenExpiry = data.tokenSpec.expiresIn;
            console.log(`Got default token expiry ${defaultExpiry}`);
            if (data.tokenSpec.scope.includes('applied-permissions/admin')
                    && defaultExpiry > 0
                    && (!tokenExpiry || (tokenExpiry > defaultExpiry))) {
                status = CreateTokenStatus.CREATE_TOKEN_STOP;
                message = 'Admin token generation with expiry greater that default expiry is not allowed';
            } else {
                status = CreateTokenStatus.CREATE_TOKEN_PROCEED;
            }
        } else {
            status = CreateTokenStatus.CREATE_TOKEN_WARN;
            console.warn(`Request is successful but returned status other than 200. Status code : ${ res.status }`);
        }
    } catch(error) {
        // The platformHttp client throws PlatformHttpClientError if the HTTP request status is 400 or higher
        status = CreateTokenStatus.CREATE_TOKEN_STOP;
        console.error(`Request failed with status code ${ error.status || '<none>' } caused by : ${ error.message }`);
    }

    return {
        status,
        message,
    }
};

Input Parameters

context

Provides baseUrl, token, and clients to communicate with the JFrog Platform (for more information, see PlatformContext).

data

The request with delete details sent by Artifactory.

{
  "tokenSpec": {
    "subject": "user",
    "owner": "jfwks@000",
    "scope": [
      "applied-permissions/user"
    ],
    "audience": [
      "*@*"
    ],
    "expiresIn": 3600,
    "refreshable": false,
    "extension": "extension",
    "description": "description",
    "includeReferenceToken": true
  },
  "userContext": {
    "id": "id",
    "isToken": false,
    "realm": "realm"
  }
}
Response
{
  "status": CreateTokenStatus.CREATE_TOKEN_PROCEED,
  "message": "Overwritten by worker-service if an error occurs.",
}
Possible Statuses
  • CreateTokenStatus.CREATE_TOKEN_PROCEED - The worker allows Artifactory to proceed with creating a token.

  • CreateTokenStatus.CREATE_TOKEN_STOP - The worker does not allow Artifactory to create a token.

  • CreateTokenStatus.CREATE_TOKEN_WARN - The worker provides a warning before Artifactory can proceed with creating a token.