HISE Logo Forum
    • Categories
    • Register
    • Login

    WP License Manager / JWT Authorization - HELP?

    Scheduled Pinned Locked Moved Scripting
    14 Posts 5 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Dan KorneffD
      Dan Korneff @CyberGen
      last edited by

      @CyberGen JWT contains 3 parts, separated by dots(Header, Payload, Signature).
      My guess is that when you receive the token you're dropping the dots.

      Dan Korneff - Producer / Mixer / Audio Nerd

      CyberGenC 1 Reply Last reply Reply Quote 2
      • orangeO
        orange @CyberGen
        last edited by

        @CyberGen

        Are you using Wordfence or similar firewall plugin on the Wordpress? If yes, make sure that API calls are allowed.

        In the Wordfence, the below setting must be unchecked.

        Prevent discovery of usernames through '/?author=N' scans, the oEmbed API, the WordPress REST API, and WordPress XML Sitemaps 
        

        develop Branch / XCode 13.1
        macOS Monterey / M1 Max

        CyberGenC 1 Reply Last reply Reply Quote 1
        • CyberGenC
          CyberGen @Dan Korneff
          last edited by

          @Dan-Korneff Yes, chatGPT had mentioned something similar. How/Where can I find out if I'm "dropping the dots"?

          1 Reply Last reply Reply Quote 0
          • CyberGenC
            CyberGen @orange
            last edited by

            @orange Thanks for this suggestion. I don't have wordfence installed. But I asked their tech support if I had any other plugins installed that could block API calls. They suggested uninstalling W3 Cache. Which I did, but did not solve the problem.

            CyberGenC 1 Reply Last reply Reply Quote 0
            • CyberGenC
              CyberGen @CyberGen
              last edited by

              @CyberGen Tech support revealed that log errors showed problems with the guttenberg theme. Which I proceeded to uninstall and replace with their default theme..... Still, the problem was not solved. They opened up a ticket and said they would try to work the problem from their end. I must say Nexcess' tech support is fast and good. Hopefully they find the problem if it is on their end. I wish I knew enough to be sure is not something I'm doing wrong in HISE.

              CyberGenC 1 Reply Last reply Reply Quote 0
              • CyberGenC
                CyberGen @CyberGen
                last edited by

                @CyberGen @d-healey @orange @Dan-Korneff

                Hi again fellas,

                I've got things to work almost all the way. I will share the final code for future reference when the final issue is resolved. So far, the token is downloading properly and validation is working. License activation works but, the signature is still giving me trouble.

                If I don't set a private key in the license manager API page, HISE's console gives me: "signature": "private key not set". But if set a key made with HISE's RSA key generator, it gives me: "signature": "error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length"

                I tried different private key configs and algo configs, same result. Can someone share the proper settings for the License Manager API private key? Or the right length? or an app the generates the right format of key?Screenshot 2024-08-19 at 3.21.47 PM.png

                d.healeyD CyberGenC 2 Replies Last reply Reply Quote 0
                • CyberGenC CyberGen marked this topic as a question on
                • d.healeyD
                  d.healey @CyberGen
                  last edited by

                  @CyberGen I'm not using the REST API so I can't help you here.

                  Libre Wave - Freedom respecting instruments and effects
                  My Patreon - HISE tutorials
                  YouTube Channel - Public HISE tutorials

                  1 Reply Last reply Reply Quote 0
                  • CyberGenC
                    CyberGen @CyberGen
                    last edited by CyberGen

                    @CyberGen

                    This worked for me.

                    1. Generate an RSA Key Pair
                      Open a terminal or command prompt.

                    Run the following command to generate a private key:

                    openssl genrsa -out private.pem 2048
                    

                    Extract the public key from the private key:

                    openssl rsa -in private.pem -outform PEM -pubout -out public.pem
                    
                    1. View the Keys
                      If you want to see what your generated keys look like, you can display them using the cat command:
                    cat private.pem
                    cat public.pem
                    
                    1. When setting the private key in WP License Manager API include:
                      -----BEGIN RSA PRIVATE KEY-----
                      and
                      -----END RSA PRIVATE KEY-----

                    That should take care of it.

                    1 Reply Last reply Reply Quote 0
                    • CyberGenC CyberGen has marked this topic as solved on
                    • CyberGenC
                      CyberGen @CyberGen
                      last edited by CyberGen

                      @CyberGen

                      I leave this here cuz, nobody ELSE should spend a week of their lives figuring this out. :anxious_face_with_sweat:

                      The code below works for me doing the following.

                      User Authentication:
                      Set up credentials for JWT token generation and sent a POST request to the /wp-json/jwt-auth/v1/token endpoint to authenticate and receive a JWT.

                      Token Handling:
                      The received JWT is used for subsequent requests to ensure each request is authenticated.

                      Token Validation:
                      The token is validated by sending it back to the server, ensuring it's valid and active before proceeding with any sensitive operations.

                      License Activation:
                      Post-token validation, we proceed to activate the license using the license key and other necessary details, which are then verified by the server.

                      
                      // Server Address
                      Server.setBaseURL("https://yourserver.com");
                      
                      // Credentials for authentication
                      const var credentials = 
                      {
                        "username": "you@yourserver.com",
                        "password": "yourpassword"
                      }
                      
                      // Relevant references
                      const var authUrl = "/wp-json/jwt-auth/v1/token";
                      const var validateUrl = "/wp-json/jwt-auth/v1/token/validate";
                      const var activateUrl = "/wp-json/wclm/v3/activate";
                      
                      reg jwtToken = "";
                      
                      // Some debug stuff
                      Console.clear();
                      if (Server.isOnline()) Console.print("Server is Online!" + "\n");
                      Console.print("Authorization URL: " + authUrl);
                      Console.print("Validate URL: " + validateUrl);
                      Console.print("Activate URL: " + activateUrl + "\n");
                      
                      // Authenticate and retrieve token
                      inline function authenticateUser() 
                      {
                          Console.print("Starting authentication process...");
                              
                          Server.callWithPOST(authUrl, credentials, printResponse);
                      };
                      
                      inline function printResponse(status, response) 
                      {
                          Console.print("Received response: " + JSON.stringify(response));
                          
                          if (response.token != "") 
                          {
                              jwtToken = response.token;
                              
                              validateToken();
                          } 
                          else 
                          {
                              Console.print("Authentication failed: " + response.message);
                          }
                      };
                      
                      // Validate the JWT token
                      inline function validateToken() 
                      {
                      	Console.print("atempting to validate");
                      
                          if (jwtToken != "") 
                          {
                              Server.setHttpHeader("Authorization: Bearer " + jwtToken);
                      
                              Server.callWithPOST(validateUrl, {}, function(status, response) 
                              {
                                  Console.print("Validation response: " + JSON.stringify(response));
                      
                                  if (response.code == "jwt_auth_valid_token") 
                                  {
                                      Console.print("Token is valid!");
                                      
                                      activateLicense();
                                  } 
                                  else 
                                  {
                                      Console.print("Token validation failed: " + response.message);
                                  }
                              });
                          } 
                          else 
                          {
                              Console.print("No JWT token found.");
                          }
                      }
                      
                      // License activation details
                      const var licenseData = 
                      {
                          "license_key": "your-prod-key-lic"
                      };
                      
                      // Activate the license
                      inline function activateLicense() 
                      {
                          Console.print("Starting license activation..." + licenseData.license_key);
                      
                          // Set the Authorization header with the JWT token
                          Server.setHttpHeader("Authorization: Bearer " + jwtToken);
                      
                          // Send the POST request to activate the license
                          Server.callWithPOST(activateUrl, licenseData, handleActivationResponse);
                      
                      };
                      
                      // Function to handle the response from license activation
                      inline function handleActivationResponse(status, response)
                      {
                      	Console.print(response.signature);
                      	
                          if (response["response"]["result"] == "success") 
                          {
                              Console.print(response["response"]["message"] + "!");
                          } 
                          else 
                          {
                              Console.print(response["response"]["message"] + "!");
                          }
                      };
                      
                      // Example: Trigger authentication when a button is clicked
                      inline function onButton1Control(component, value) 
                      {
                          if (value) authenticateUser();
                      }
                      Content.getComponent("Button1").setControlCallback(onButton1Control);
                      
                      
                      alhugA CyberGenC 2 Replies Last reply Reply Quote 2
                      • CyberGenC CyberGen marked this topic as a regular topic on
                      • alhugA
                        alhug @CyberGen
                        last edited by

                        @CyberGen nice, thanks. Our shop doesn't use wordpress so I'm building an authentication system using my own bubble app. This helped a lot setting up the plugin side of things.

                        "HISE is for software developers. If you're not one you must become one." - David Healy

                        1 Reply Last reply Reply Quote 1
                        • CyberGenC
                          CyberGen @CyberGen
                          last edited by

                          @CyberGen A list of License Manager API endpoints. Might be useful for those using the License Manager API.

                          Base Endpoint:
                          /wclm/v3
                          Methods: GET
                          Description: Base route for the wclm/v3 namespace.
                          Verify License:
                          /wclm/v3/verify
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for verifying a license.
                          Activate License:
                          /wclm/v3/activate
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for activating a license.
                          Deactivate License:
                          /wclm/v3/deactivate
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for deactivating a license.
                          Get License Details:
                          /wclm/v3/get-license-details
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for retrieving the details of a license.
                          Get Product API Meta:
                          /wclm/v3/get-product-api-meta
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for retrieving product API metadata.
                          Get License Status:
                          /wclm/v3/get-license-status
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for retrieving the status of a license.
                          Get Current User Licenses:
                          /wclm/v3/get-current-user-licenses
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for retrieving licenses associated with the current user.
                          Register License Key:
                          /wclm/v3/register-license-key
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for registering a new license key.
                          Set License Status:
                          /wclm/v3/set-license-status
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for setting the status of a license.
                          Create License Key:
                          /wclm/v3/create-license-key
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for creating a new license key.
                          Update License Key:
                          /wclm/v3/update-license-key
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for updating an existing license key.
                          Delete License Key:
                          /wclm/v3/delete-license-key
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for deleting a license key.
                          Add License Key Meta:
                          /wclm/v3/add-license-key-meta
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for adding metadata to a license key.
                          Update License Key Meta:
                          /wclm/v3/update-license-key-meta
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for updating metadata associated with a license key.
                          Delete License Key Meta:
                          /wclm/v3/delete-license-key-meta
                          Methods: GET, POST, PUT, PATCH, DELETE
                          Description: Endpoint for deleting metadata associated with a license key.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post

                          34

                          Online

                          1.7k

                          Users

                          11.9k

                          Topics

                          103.5k

                          Posts