Because Soracom Endorse offers a Request parameters option, we can include any data that would be useful for authorizing access to a network resource by appending it to the HTTP token request:
We can then combine the additional request parameters with Endorse's redirect_url behavior to create a login page that will authorize logins based on username and IMSI, rather than username and password.
To do this, we need to first enable the following Endorse options:
- Items to include in token - IMSI and Request parameters
- Allow origin -
- Authorized redirect URLs -
Next, we need to build a simple login page with a username field, which will POST an HTTP request to Endorse, including our desired redirect_url in the POST URL, and our username in the POST body:
- HTTP request URL:
- HTTP request body:
Issue Token and Redirect
When we submit our form while connected using a Soracom Air cellular connection, Endorse will issue a token and return an HTTP redirect response to https://myserver.example.com/login, with the issued token and username as the POST body.
Our server will receive the redirected request, along with the following POST body content:
We can then use a JWT library to decode the header and payload of the token. In order to authorize access:
- Our server should download the public key indicated in the JWT header
- Our server should then verify the token signature using the public key. If the signatures match, then:
- Decode the payload of the token in order to extract the username (provided by the Request parameters option), and the imsi (provided by Endorse).
- Our server should finally confirm that the imsi matches existing records, and proceed with logging the user in.
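
The server-side checks above, as an added example (not Soracom's code and not from the original page), using only the Python standard library so it runs offline. Assumptions: RS256 tokens, the key URL in an `x5u` header field, claims nested under `soracom-endorse-claim`, a placeholder trusted key URL prefix, and a hypothetical `fetch_key` helper that downloads the key and returns its RSA `(n, e)`; compare these against a real decoded token, and prefer a maintained JWT library in production.

```python
import base64, hashlib, json, time

# Assumptions, not from the page: RS256 tokens, key URL in the "x5u" header,
# claims under "soracom-endorse-claim", and this placeholder key URL prefix.
TRUSTED_KEY_PREFIX = "https://keys.example.invalid/endorse/"
SHA256_DER = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo

def unb64(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def pkcs1_pad(msg, k):  # EMSA-PKCS1-v1_5 encoding of SHA-256(msg), k bytes long
    t = SHA256_DER + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def authorize(token, fetch_key, records, now=None):
    """Return the username to log in, or None if any check fails."""
    try:
        h, p, s = token.split(".")
        header = json.loads(unb64(h))
        url = header["x5u"]
        # The header is unverified input: pin the algorithm and the key origin.
        if header["alg"] != "RS256" or not url.startswith(TRUSTED_KEY_PREFIX):
            return None
        n, e = fetch_key(url)  # hypothetical helper: download key, return (n, e)
        k = (n.bit_length() + 7) // 8
        sig = int.from_bytes(unb64(s), "big")
        signed = f"{h}.{p}".encode()
        if sig >= n or pow(sig, e, n).to_bytes(k, "big") != pkcs1_pad(signed, k):
            return None
        claims = json.loads(unb64(p))  # payload is trusted only from here on
        if claims["exp"] <= (time.time() if now is None else now):
            return None
        claim = claims["soracom-endorse-claim"]
        user, imsi = claim["requestParameters"]["username"], claim["imsi"]
        # username is caller-supplied; only the IMSI is asserted by Endorse.
        return user if isinstance(imsi, str) and records.get(user) == imsi else None
    except (KeyError, TypeError, ValueError, AttributeError):
        return None

# Constructed demo key (two Mersenne primes, NOT secure) and signer for testing.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def demo_token(header, claims):
    h, p = b64(json.dumps(header).encode()), b64(json.dumps(claims).encode())
    k = (N.bit_length() + 7) // 8
    em = int.from_bytes(pkcs1_pad(f"{h}.{p}".encode(), k), "big")
    return f"{h}.{p}.{b64(pow(em, D, N).to_bytes(k, 'big'))}"
```

The username arrives as a request parameter chosen by the client, so the login decision rests on the stored username-to-IMSI pairing, not on the username alone.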