RE: Access user authorizationServer key from studio

Hi!

Have you had a chance to discuss it?

do you mean if we can let you access in script the user email or name associated with the token?

Yes, current studio user's email

since the studio login is based on OpenId connect SSO, i don't believe the standard allows retrieving non expiring tokens, but even if allow it, the solution of just letting you access the token received at login and without any revalidation does not look good, the majority of cases are going to be with token with expirations

Yeah, looks like a bigger deal

if they are going to do this, should not they already have all access to its tenant data when talking to your API

Role system is a bit more complicated, but it actually can be tolerated at the moment. Problem is the logging, since info sec requires all actions in system to be logged.
And in the case of a single token they all be logged under some technical account.
Maybe there is access to user data like email/name or something? Then probably with combination of a token, user data and studio server IP we can work something out.

since we don't need this token it is not stored, even if we store it, this token in the majority of cases needs revalidation

I see... well I believe ouath2 allows non expiring access tokens with no refresh tokens.
And personally I am ok with this, but yeah, obviously it can be not optimal for other use cases.

bjrmatos ADMINISTRATORS about 2 hours ago
we have talked about your case and we decided to include a way to get this token.

Cool! Happy to hear that!

working on the implementation revealed some issues

Hope you will manage to overcome this :fingers_crossed:

pass it as an env var at jsreport at startup and then just read the env var in your script

We had such idea, but in this case all requests from studio will come from a single token and basically we will be forced to give this token superadmin privileges which is not ideal from security point (will not go over info sec department).
And after all, I guess, having different users in studio is one of the reasons for using authServer and not just sharing master password to all admins.

Hi!

Overall case is that we install our app on premise and our client have two group of users: admins and, well, users.
We install app with preconfigured set of reports.
And the goal is to let admins (who have basic html/js knowledge) edit reports and create new ones.

Problem with HTTP API approach is that we don't know beforehand what data they need. We provide our own API and want user to query it from his report to retrieve data.

I'll make an example:

1. We shipped "Blog post by week days" report with our app
2. Admin wants to add info about comments count to report, but data set lacks comments info
3. ? If he can get authorization in our app's API from jsreport studio he can get this data.

Sorry, I probably don't get some right way to do it. But what are even other ways to authenticate js report studio user with app, I mean not for testing, but for production?

I have an App and I want to add report generating functionalities with JS Report and JS Report studio.

I can login users to JS Report studio with external authserver (my app essentially) but what can I do next?
I need users to be able to execute reports that retrieve data from the app. To retrieve data from the app I need to authenticate in the app. What are my options?

I probably described my scenario poorly.

1. I login in jsreport studio with "Login with authserver".
2. My app authorizes user and issues token
3. In Jsreport studio I ran report by simply clicking "Run" button
4. Report executes script.... and what I need to do is to request my app for data and I need to authenticate with my app somehow, so I thought that it is possible to use token from step 2

Hi! Sorry for long delayed answer, focus shifted a bit.
We are now back to this task. I've added exposeHttpHeaders flag and can see contents of https.headers object but there is no authorization property or anything similar.

Hey! Thanks for reply!

Since I have full control of my app I am flexible on that part. Since we use extensions authentication authorizationServer and already generate and return access_token to jsreport I thought that maybe it can be used for reverse authentication for API calls from studio.
But once again, I can adapt to other strategy if there is one. The main goal is to authenticate user specific API calls from studio to my app without master login/password for all requests.

Hello everyone!

Currently I'm trying to setup communication between my own app and jsreport.
I was able to authenticate my users in jsreport through authorizationServer and now have sql table with their oauth keys.

What I need to do now it is to use my app's API from jsreport studio scripts. I need this calls to be made from current user using studio. Can I somehow access his auth key?

Hello everyone!

Is it possible to use nested each loops to produce sheet using xlsx recipe?
For example if I want to build a "forum" sheet with list of categories and list of posts in each category with following code example.

{{#each categories}} {{name}}
{{#each posts[../id]}} {{name}} {{/each}}
{{/each}}

But I end up getting this error:

unable to find end of loop (#each) in