How theJWT token to azure authentication is gotten?

Hi Speckle community.
I want to ask you the following.

I am using Azure AD authentication for Speckle v1. I want to know how the JWT is obtained in the process when I make an auth request to: https://<speckle-server-url>/api/accounts.
I am talking specifically about this Authorization: JWT <token value>here:

I am doing some test using POSTMAN, and when I use the above JWT, I manage to authenticate to the https://<speckle-server-url>/api/accounts endpoint previously adding these headers:

  • Content-Type: application/json, text/plain, */*
  • Authorization: JWT <token value>, this is the JWT token itself.

So I am trying to get this token by myself from postman as well, by using the Service principal client id and client secret and the azure tenant id I configured to enable Azure AD authentication on my speckle server, following these steps

With my tenantId, client_id and client_secret I got succesfully the azure token, as we can see here:

But when I use that token to authenticate against https://<speckle-server-url>/api/accounts speckle endpoint I cannot succeed.

Do you know how can I get the proper token like that one shown at the inspect login picture above to authenticate to speckle v1?

Hey @bgarcial, complex question. Unfortunately, Speckle 1.0 sucks at this and is very inflexible in this regard. You can check how desktop account manager works for getting your account and storing it locally, but overall it’s not following best practices.

The good news is 2.0 is 10x better. We’ve documented how you can either

  1. Create your own personal access tokens: Personal Access Tokens | Speckle Docs
  2. Register and authorize a third party app: Creating Your Own App | Speckle Docs

Depending on your use case, I could try and be more helpful. Is there anything keeping you on 1.0?

1 Like

Hi, @dimitrie thanks for getting back to me.
So far I am still working with 1.0 version. I am running some tests to authenticate against this instance I described above.
But I realized instead of using an AZURE access token (which one is I was expecting to use by the authentication time), I can use my Speckle API token to succeed in my attempt to log in.
Just a double check, could you please confirm to me which is the lifetime for this user API Token? I heard it is one year.

On the other hand, is weird speckle token API has to be used here since I am requesting a login authentication via Azure AD. Someone explained to me Speckle v1 internally takes the azure token but then creates or uses this token to let me being authorized … Not sure if I understood well this process.

1 Like