---
tags: mPOS
---

# mPOS API Access Token (JWT)

<style>
.markdown-body{
  max-width: 83%;
}
</style>

[toc]

## Packages / Files

### tk3c.mpos.mailman

- AuthorizedRequestFilter.java
- Restricted.java (annotation)

### tk3c.mpos.packer

- TokenUtil.java

### org.jose4j.*

- JOSE / JWT library used to sign and verify the token

## Abstract

### Login / Obtain token

- tk3c.mpos.mailman.SCEmployee.java

```mermaid
graph LR
  subgraph api [API]
    opAuth[Authenticate<br>Success]
    opTokenGen["new JWT"]
  end
  opDone[Success]
  op1[POST employee/login]
  op1-->|userId<br/>password|opAuth
  opAuth-->opTokenGen-->|"{...resultList:{..., token:...}}"|opDone
```

- Token expiry = `thd.sys_date` + 1 day + 4 hours
  - e.g. if `sys_date` = 20211001, expiry = 202110020400 (2021-10-02 04:00)
- Token issue date/time = DB `SYSDATE` (the database clock, not the application server's)

![](https://i.imgur.com/zVgSIa7.png)

-----------------

### Logout / Revoke token

- tk3c.mpos.mailman.SCEmployee.java

```mermaid
graph LR
  subgraph api [API]
    opAuth["Check<br/>Header"]
    opCleanBlacklist[Cleanup blacklist<br/><br/>remove blacklist's expired tokens]
    opBlacklist[Blacklists <br/> unexpired token]
  end
  op1[POST employee/logout]
  opDone[Success]
  op1-->opAuth-->opCleanBlacklist-->opBlacklist-->opDone
```

- Expired entries are removed from the blacklist first, and only a still-unexpired token is added, so the blacklist holds no more than the set of live, logged-out tokens.

-----------------

### Restricted Access / Use token example

#### HTTP Header

- `Authorization: Bearer <token>`

```mermaid
graph LR
  subgraph api [API]
    opAuth{{"Check<br/>Header"}}
    opDB[(query DB)]
    opInvalidToken[Invalid/Expired Token]
  end
  opDone[Response]
  opFailed[Response<br/>result:5, msg: 'Session Expired']
  op1[GET transaction/deliverNo/0025]
  op1-->opAuth
  opAuth-->|Valid|opDB-->opDone
  opAuth-->|Invalid/Expired|opInvalidToken-->opFailed
```

- A malformed or invalid token and an expired one get the same response (`result: 5`, `msg: 'Session Expired'`), so the client is not told why the check failed.

Valid token

![](https://i.imgur.com/4nEmJEQ.png)

Invalid token

![](https://i.imgur.com/IS1wwrU.png)
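The three flows above (login issues a token, a `@Restricted` call checks the `Authorization` header, logout blacklists the token) written out end to end with jose4j, as an added example. It is not the project's `TokenUtil` or `AuthorizedRequestFilter`. Everything the page does not state is an assumption here: HS256 with a shared secret, the issuer name `tk3c.mpos`, the `jti` claim as the blacklist key, an in-memory blacklist, and a 30-second clock-skew allowance between DB `SYSDATE` and the application clock.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.NumericDate;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.keys.HmacKey;
import org.jose4j.lang.JoseException;

/** Added example of the issue / verify / revoke flow. Not the project's TokenUtil or AuthorizedRequestFilter. */
public class MposTokenExample {

    // Constructed demo key (34 bytes; HS256 needs at least 32). A real deployment loads it from a secret store.
    private static final Key KEY = new HmacKey(
            "demo-only-key-change-me-32-bytes!!".getBytes(StandardCharsets.UTF_8));
    private static final String ISSUER = "tk3c.mpos";          // assumed issuer name
    private static final long LIFETIME_SECONDS = 28 * 3600L;   // 1 day + 4 hours, as the page specifies

    // Logout blacklist: jti -> exp (epoch seconds). In-memory stand-in for whatever store the service uses.
    private final Map<String, Long> blacklist = new ConcurrentHashMap<>();

    /** Mirrors POST employee/login: iat = sysDate (the DB SYSDATE), exp = sysDate + 1 day + 4 hours. */
    public String issue(String userId, Instant sysDate) throws JoseException {
        JwtClaims claims = new JwtClaims();
        claims.setIssuer(ISSUER);
        claims.setSubject(userId);
        claims.setGeneratedJwtId();  // jti: lets logout blacklist exactly one token
        claims.setIssuedAt(NumericDate.fromSeconds(sysDate.getEpochSecond()));
        claims.setExpirationTime(NumericDate.fromSeconds(sysDate.getEpochSecond() + LIFETIME_SECONDS));

        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(KEY);
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
        return jws.getCompactSerialization();
    }

    /**
     * Mirrors the "Check Header" step of a @Restricted call. Returns the claims for a valid, unexpired,
     * non-blacklisted Bearer token; otherwise null, which the filter maps to result:5 "Session Expired".
     */
    public JwtClaims verify(String authorizationHeader, Instant now) {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
            return null;
        }
        String token = authorizationHeader.substring("Bearer ".length()).trim();
        JwtConsumer consumer = new JwtConsumerBuilder()
                .setRequireExpirationTime()
                .setRequireIssuedAt()
                .setRequireJwtId()
                .setExpectedIssuer(ISSUER)
                .setAllowedClockSkewInSeconds(30)  // DB SYSDATE and the app clock may differ slightly
                .setVerificationKey(KEY)
                .setJwsAlgorithmConstraints(new AlgorithmConstraints(
                        AlgorithmConstraints.ConstraintType.PERMIT, AlgorithmIdentifiers.HMAC_SHA256))
                .setEvaluationTime(NumericDate.fromSeconds(now.getEpochSecond()))
                .build();
        try {
            JwtClaims claims = consumer.processToClaims(token);
            // A correctly signed, unexpired token is still refused once it has been logged out.
            return blacklist.containsKey(claims.getJwtId()) ? null : claims;
        } catch (InvalidJwtException | MalformedClaimException e) {
            // Log the real cause (e.g. InvalidJwtException.hasExpired()) server side; the client only sees "Session Expired".
            return null;
        }
    }

    /** Mirrors POST employee/logout: drop expired blacklist entries, then blacklist this token until its exp. */
    public boolean revoke(String authorizationHeader, Instant now) throws MalformedClaimException {
        JwtClaims claims = verify(authorizationHeader, now);
        if (claims == null) {
            return false;  // header check failed: nothing valid to revoke
        }
        long nowSeconds = now.getEpochSecond();
        blacklist.entrySet().removeIf(e -> e.getValue() <= nowSeconds);  // cleanup step
        blacklist.put(claims.getJwtId(), claims.getExpirationTime().getValue());
        return true;
    }

    public static void main(String[] args) throws Exception {
        MposTokenExample svc = new MposTokenExample();
        Instant sysDate = Instant.parse("2021-10-01T00:00:00Z");  // the page's example sys_date
        String header = "Bearer " + svc.issue("emp001", sysDate);

        System.out.println("valid 1h after login:  " + (svc.verify(header, sysDate.plus(1, ChronoUnit.HOURS)) != null));
        System.out.println("valid at 10-02 03:59:  " + (svc.verify(header, Instant.parse("2021-10-02T03:59:00Z")) != null));
        System.out.println("valid at 10-02 04:01:  " + (svc.verify(header, Instant.parse("2021-10-02T04:01:00Z")) != null));
        System.out.println("logout accepted:       " + svc.revoke(header, sysDate.plus(2, ChronoUnit.HOURS)));
        System.out.println("valid after logout:    " + (svc.verify(header, sysDate.plus(3, ChronoUnit.HOURS)) != null));
    }
}
```

Two points the diagrams leave implicit and this example makes explicit. First, logout only revokes anything if the restricted-endpoint check consults the blacklist after verifying the signature and expiry; a blacklist nobody reads is a no-op. Second, the consumer is pinned to HS256 with the shared key, so a token whose header names a different `alg` (including `none`) fails before any claim is read. The algorithm constraint and the skew value are this example's choices, not something the page states about the project.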