How to replace Basic Authentication of usrid & pwd with the JWT token

[ghost]

I successfully configured this npm with basic authentication, with a user id and password. Now i would like to replace with JWT tokens from z/osmf. Is there is a sample syntax program for it pls?

[traeok]

Hi @inv9wj1,

For clarification, are you developing a program using Zowe CLI (or its SDKs)? Or are you using Zowe CLI with a Team Configuration file set up for your mainframe instance?

If you are developing using Zowe CLI/SDKs, you can provide the JWT token in the tokenValue property of a session, and then you can use that session with our available APIs. For example, with the z/OS Files SDK:

const profInfo = new ProfileInfo("zowe");
await profInfo.readProfilesFromDisk();
const zosmfProfAttrs = profInfo.getDefaultProfile("zosmf");
const zosmfMergedArgs = profInfo.mergeArgsForProfile(zosmfProfAttrs, { getSecureVals: true });
const session = imperative.ProfileInfo.createSession(zosmfMergedArgs.knownArgs);

// Specify JWT token type and value on the session object.
session.ISession.tokenType = "jwtToken";
session.ISession.tokenValue = "<your JWT here>";

const dataset = "ZOWEUSER.PUBLIC.YOUR.DATASET.HERE";
const options: IDownloadOptions = { failFast: false };
const response = await Download.allMembers(session, dataset, options);

If you are using a z/OSMF profile with Zowe CLI and want to authenticate using JWT, you can specify a token type and token value on your profile. The provided token will be used to authenticate future requests.

Note: If your environment supports using secure credentials with Zowe CLI, I would recommend saving the properties securely so that they are not shown in plaintext. Use the following Zowe CLI commands to store the tokenType and tokenValue securely:

zowe config set "profiles.zosmf.properties.tokenType" "jwtToken"
zowe config set "profiles.zosmf.properties.tokenValue" "<your JWT here>" --secure

Otherwise, you can provide the tokenType and tokenValue properties on the profile, directly within the Team Configuration file:

"zosmf": {
    "type": "zosmf",
    "properties": {
        "tokenType": "jwtToken",
        "tokenValue": "<your JWT here>"
    }
}

[t1m0thyj]

@inv9wj1 Hello, when creating the session object, please try adding type: "token" as in the example below:

  return new Session({
    hostname: "tplavipa.1dc.com",
    port: 443,
    // Specify LTPA token type and value on the session object.
    type: "token",
    tokenType: "LtpaToken2",
    tokenValue: ltpaToken,
  });

The session needs to have a type specified: "basic", "token", "cert-pem" etc in order to determine whether basic or token auth should be used.

[ghost]

@traeok Thank you, i got the below error, Where this occured earlier as well, and fixed it by creating the profile .zowe, but later we understood thats for desktop applications. How would we fix this for web applications pls?

'z/OSMF REST API Error:\n' +
      'http(s) request error event called\n' +
      'Error: unable to verify the first certificate',
    causeErrors: Error: unable to verify the first certificate
        at TLSSocket.onConnectSecure (node:_tls_wrap:1600:34)
        at TLSSocket.emit (node:events:517:28)
        at TLSSocket._finishInit (node:_tls_wrap:1017:8)
        at ssl.onhandshakedone (node:_tls_wrap:803:12) {
      code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'

[t1m0thyj]

@inv9wj1 Hello, if your mainframe uses self-signed certificates, please try adding rejectUnauthorized: false when creating the session object as in the example below:

  return new Session({
    hostname: "tplavipa.1dc.com",
    port: 443,
    rejectUnauthorized: false,
    // Specify LTPA token type and value on the session object.
    type: "token",
    tokenType: "LtpaToken2",
    tokenValue: ltpaToken,
  });

[ghost]

Thank you So much @traeok :) it worked 👍 ..

I heartfully appreciate the patience in working with me and fixing this.

[traeok]

No problem @inv9wj1, we're happy to help!