Hello Community!
So I’m doing a web request and I’m getting an encrypted string which I’d like to decrypt and put into variables or a secret, just not been able to find any documentation on decrypting.
Hi Haider!
Could you provide more details about the encrypted string you’re receiving? For example, do you know what type of encryption is used?
Hello Nina!
I’m getting an AES 256 encrypted string. I have come as far as to know that I can’t do this in app and need to fix this by using a service. I’m just unsure how to do that at this point; I need to decrypt a url, username and password from the string.
Hi Haider!
When it comes to decryption, it’s worth noting that there are no built-in libraries available for services. However, you can add CryptoJS as a script tag to your environment and use that to decrypt the string in an app.
Link to Appfarm documentation on how to include a custom library: Environments | Appfarm Documentation
Link to CryptoJS script: crypto-js - Libraries - cdnjs - The #1 free and open source CDN built to make life easier for developers
Note: If you use an external library you will get an error about CryptoJS not being defined. You can ignore this as this is a false positive.
Reach out if you have more questions!
Hello again, so we are not able to use the built-in jsonwebtoken for decryption?
Hi!
What is the use case?
jsonwebtoken can be used to decode a jwt, typically when getting an id_token in an oauth 2 flow. The id_token is normally not encrypted, but encoded, and can be decoded using jsonwebtoken.
Encryption/decryption requires external javascript libraries (and it does not need to be decrypted in a Service, it may be done in a function or run code in an App).
As mentioned before in our meeting it’s an AES 256 encrypted string, you pointed to jsonwebtoken.
Hello Nina!
Following is what I’m currently trying to work with, but I’m not sure how to get that. The decoded value should have a customerBaseUrl, username and password, which I’d like to put into different secrets.
const CryptoJS = require('crypto-js');

// Encrypted token (Base64 string)
const encryptedToken = 'YourEncryptedTokenHere';

// AES-256 key (must be 32 bytes / 256 bits)
const secretKey = 'Your32ByteSecretKeyHere123456789';

// Decrypt
const decrypted = CryptoJS.AES.decrypt(encryptedToken, CryptoJS.enc.Utf8.parse(secretKey), {
  mode: CryptoJS.mode.ECB,
  padding: CryptoJS.pad.Pkcs7 // PKCS5 == PKCS7 for AES
});

// Convert to UTF-8 string
const decodedToken = decrypted.toString(CryptoJS.enc.Utf8);
console.log('Decoded Token:', decodedToken);
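Added example, not part of the original post and not Appfarm's or CryptoJS's own code: the same AES-256-ECB/PKCS7 decryption as the snippet above, followed by a check that the result really contains the three expected fields before they are used. Assumptions: the plaintext is JSON, Node's built-in crypto module stands in for CryptoJS so the block runs offline, and the key, payload and the helper names `encryptSample` and `decryptCredentials` are constructed for illustration.

```javascript
// Node's built-in crypto stands in for CryptoJS (assumption for this example).
const nodeCrypto = require('node:crypto');

// Constructed sample key and payload, not real credentials.
const SAMPLE_KEY = Buffer.from('0123456789abcdef0123456789abcdef', 'utf8'); // 32 bytes
const SAMPLE_PAYLOAD = {
  customerBaseUrl: 'https://backend.example.invalid',
  username: 'demo-user',
  password: 'demo-password',
};

// Builds a sample token for the demo; in the thread the backend produces it.
function encryptSample(obj, key) {
  const cipher = nodeCrypto.createCipheriv('aes-256-ecb', key, null);
  return Buffer.concat([cipher.update(JSON.stringify(obj), 'utf8'), cipher.final()])
    .toString('base64');
}

// Returns { customerBaseUrl, username, password }, or null if anything is off.
function decryptCredentials(tokenB64, key) {
  if (!Buffer.isBuffer(key) || key.length !== 32) return null; // AES-256 key size
  let plaintext;
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-ecb', key, null);
    plaintext = Buffer.concat([
      decipher.update(Buffer.from(tokenB64, 'base64')),
      decipher.final(), // throws on bad PKCS#7 padding, typical for a wrong key
    ]).toString('utf8');
  } catch (err) {
    return null;
  }
  // ECB has no integrity check, so a wrong key can pass padding by chance:
  // validate the structure of the result instead of trusting it.
  let parsed;
  try {
    parsed = JSON.parse(plaintext);
  } catch (err) {
    return null;
  }
  if (parsed === null || typeof parsed !== 'object') return null;
  const fields = ['customerBaseUrl', 'username', 'password'];
  if (!fields.every((f) => typeof parsed[f] === 'string' && parsed[f] !== '')) return null;
  const { customerBaseUrl, username, password } = parsed;
  return { customerBaseUrl, username, password };
}

const creds = decryptCredentials(encryptSample(SAMPLE_PAYLOAD, SAMPLE_KEY), SAMPLE_KEY);
console.log(creds ? `decrypted credentials for ${creds.username}` : 'decryption failed');
```

A `null` return covers a wrong-length key, a wrong key, a truncated token and a payload missing any of the three fields, so the caller has a single failure path.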
Hi!
Is the use case that you get this encrypted string back as part of a login flow (Azure AD, B2C etc)? We need to know this, because you do not have full coding freedom as part of the (oauth2) login flow, since this is what grants you access to the appfarm app and we need to make sure that authentication flow cannot be tampered with.
Also, secrets of type “Oauth2 value” may only hold values received during this login flow. Oauth 2 login flow does a sequence (/authorize and /token, where the latter request gives back an id_token (json web token)) that normally contains the user’s email, firstname etc. And often an access_token is also received. You may store all these using secrets.
Is this the use case, or is this some other use case where you get a jwt after the user has logged in to the appfarm app, and you need to decode it?
This is an encrypted string I get from the backend and it has nothing to do with oauth2 or b2c.
Aha, got it!
In that case, you cannot use secrets (unless you want to store something that is not unique per user, i.e. a global value such as an access_token for integration), but should store the values as data in the database.
The reason I want to put this in as secrets is because it’s the username and password towards the backend and it varies depending on the customer logging in; different customers get different usernames and passwords.
Hi!
I can see the need to have some built-in features in Appfarm to make it easy to store such values. I’ve registered a feature request internally on it!
However, for now, you may store these data in the database. I would definitely suggest a separate object class for this (connected to the User) and adding conditional permissions to the object class (only allowed to e.g. read or update for the connected user).
I have made a workaround for it and got it to work. So what I did is make a dynamic secret and put it into all web requests, and then I called a service and it changes the secret based on the app variable. In this case I only need to change 1 line of code if we get a new customer instead of manually changing every web request.