# Building JavaScript Application - Part 1

# Steps to Build your First Application using HexaEight Sessions

# My Dashboard Application

Pre-Requisites:

Client Application Hostname/URL

We are going to build a simple JavaScript application that lets any email address log in and then displays the application name and user name. To build this application, we first need to determine the URL of the client application. Since we are going to show a dashboard with the profile, we will name the application "My Dashboard Application" and use https://dash.mydomain.com as the Client Application URL.

Authorization Server HostName

To authenticate email users in "My Dashboard Application", you need an Authorization Server, which can be self-hosted or hosted in the cloud. You also need to choose the hostname of the Authorization Server that authorizes end users; we will name it authz.mydomain.com. This is the name that will be displayed to end users when they try to log in to the application.

Resource Admin EMail Address

In order to create a Domain Resource Identity Token for authz.mydomain.com, you need an email address in mydomain.com. The address can have any name, but it must belong to "mydomain.com", so an address like [email protected], [email protected] or any other email address is fine for this purpose. Remember that you need access to the inbox and the ability to receive incoming email for this address. For this example, we will use [email protected] as the Resource Admin EMail Address.

Static Hosting

To host the Client Application, you don't need a web server running 24x7; a static site is sufficient. Point dash.mydomain.com at the static site in DNS, using a CNAME record or an A record.

Follow the guidelines below to build your application:

  1. Download and Install HexaEight Authenticator on your Mobile
  2. Create a new EMail vault using Resource Admin EMail Address [email protected]
  3. Assign the Password to the Vault and create an EMail Digital Identity Token
  4. Create a Domain Resource Identity Token for authz.mydomain.com using HexaEight Mobile Application.
  5. Install HexaEight Token Server in any OS and assign the Resource name authz.mydomain.com to the Token Server.
  6. Obtain the SHA512 hash of Client Application (dash.mydomain.com) and Create A Client Application on the Token Server.
SHA512Hash : C0771C554F62CB686570BA13D93CFC4A7A7DD586587ED9DC3FC7B78347E413461EBF908E41B69A203CF5141241073980873165195CC5FE7B8AD25D9D82C33806
  7. Create Client ID for "My Dashboard Application" on the Token Server by running the command below

     ```
     $ ./HexaEight_Token_Issuer --clientid
     Enter Client Application Name : My Dashboard Application
     Enter the List of Allowed Email Domains seperated by comma [Ex : gmail.com, yahoo.com ]. Enter * if you wish to allow any Email Domain : *
     Enter the List of Allowed Client Hashes seperated by comma [Ex : E2985273..., F03E854A.... ] Enter * if you wish to allow any Client  : C0771C554F62CB686570BA13D93CFC4A7A7DD586587ED9DC3FC7B78347E413461EBF908E41B69A203CF5141241073980873165195CC5FE7B8AD25D9D82C33806
     Enter the List of Scopes seperated by comma  [Ex : user, admin, developer ] Press Enter if you want this Client to have DEFAULT scopes  : DEFAULT,USER

     Client ID : XXXXXXX-CLIENTID-XXXXXXX
     ```
  8. Download the sample Authorization Policies on the Token Server and modify the files shown below, which implement authorization policies such as:
     1. Which email users are allowed to login?
     2. Which Client Application can the user use to login?
     3. What scope can the user use at the time of login?

     userpolicy.csv

     ```
     # ---------------User To TokenServer Policy--------------------------
     p, /*@/*./*, authz.mydomain.com, XXXXXXX-CLIENTID-XXXXXXX, login
     p, /*@/*./*, authz.mydomain.com, XXXXXXX-CLIENTID-XXXXXXX, ask
     p, /*@/*./*, authz.mydomain.com, XXXXXXX-CLIENTID-XXXXXXX, poke
     ```

     clientappspolicy.csv

     ```
     # ---------------Allowed Clients Policy--------------------------
     p, C0771C554F62CB686570BA13D93CFC4A7A7DD586587ED9DC3FC7B78347E413461EBF908E41B69A203CF5141241073980873165195CC5FE7B8AD25D9D82C33806, authz.mydomain.com, XXXXXXX-CLIENTID-XXXXXXX, clientaccess
     ```

     clientscopepolicy.csv

     ```
     # ---------------Allowed Scopes/Roles Policy--------------------------
     p, /*@*./*, C0771C554F62CB686570BA13D93CFC4A7A7DD586587ED9DC3FC7B78347E413461EBF908E41B69A203CF5141241073980873165195CC5FE7B8AD25D9D82C33806, XXXXXXX-CLIENTID-XXXXXXX, DEFAULT
     p, /*@*./*, C0771C554F62CB686570BA13D93CFC4A7A7DD586587ED9DC3FC7B78347E413461EBF908E41B69A203CF5141241073980873165195CC5FE7B8AD25D9D82C33806, XXXXXXX-CLIENTID-XXXXXXX, USER
     ```
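
A consistency check for the three policy files above, as an added example that is not HexaEight code. It assumes each row is `p, subject, object, client ID, action or scope`, which is inferred from the sample rows; the function names `parsePolicy` and `lintPolicies` are hypothetical, and the sample hash and client ID are constructed.

```javascript
// Added example, not HexaEight code. Column meanings are inferred from the
// sample rows on this page: p, <subject>, <object>, <client id>, <action|scope>.
const SHA512_HEX = /^[0-9a-f]{128}$/i;

// Parse one policy file into rows; malformed lines are reported, not dropped.
function parsePolicy(name, text, findings) {
  const rows = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (!line || line.startsWith('#')) return;
    const f = line.split(',').map((x) => x.trim());
    if (f.length !== 5 || f[0] !== 'p') {
      findings.push(`ERROR ${name}:${i + 1} expected "p" plus 4 fields`);
    } else {
      rows.push({ subject: f[1], object: f[2], clientId: f[3], action: f[4] });
    }
  });
  return rows;
}

// Cross-check the three files against the Token Server hostname.
function lintPolicies(files, authzHost) {
  const out = [];
  const user = parsePolicy('userpolicy.csv', files.user, out);
  const apps = parsePolicy('clientappspolicy.csv', files.apps, out);
  const scopes = parsePolicy('clientscopepolicy.csv', files.scopes, out);
  const ids = new Set([...user, ...apps, ...scopes].map((r) => r.clientId));
  if (ids.size > 1) out.push(`ERROR client IDs differ: ${[...ids].join(', ')}`);
  [...user, ...apps].filter((r) => r.object !== authzHost)
    .forEach((r) => out.push(`ERROR unexpected Token Server ${r.object}`));
  const allowed = new Set(apps.map((r) => r.subject.toUpperCase()));
  const badHash = [...allowed].some((h) => !SHA512_HEX.test(h));
  if (badHash) out.push('ERROR client hash is not 128 hex characters');
  for (const r of scopes) {
    if (!allowed.has(r.object.toUpperCase())) {
      out.push(`ERROR scope ${r.action}: client hash not in clientappspolicy.csv`);
    }
    if (r.subject.includes('*')) out.push(`WARN scope ${r.action} open to wildcard subject`);
  }
  return out;
}
// Constructed sample: made-up hash and client ID; the USER row's hash is truncated.
const HASH = 'AB'.repeat(64), ID = 'EXAMPLE-CLIENT-ID';
const sample = {
  user: `p, /*@/*./*, authz.mydomain.com, ${ID}, login`,
  apps: `p, ${HASH}, authz.mydomain.com, ${ID}, clientaccess`,
  scopes: `p, /*@*./*, ${HASH}, ${ID}, DEFAULT\np, /*@*./*, ${HASH.slice(2)}, ${ID}, USER`,
};
console.log(lintPolicies(sample, 'authz.mydomain.com').join('\n'));
```

The WARN lines are expected for this tutorial, which admits any email address; in a deployment meant for a restricted set of users, treat a wildcard subject as a finding.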

Finally, let's create a JavaScript web page that integrates authentication using HexaEight Sessions.

You can use the following URL https://hexaeight.github.io/hexaeight-session-demo/ to test authentication with HexaEight Authenticator Mobile App by using a Resource Token and EMail Token associated with your EMail Address.

You can use this LINK for code samples using other site builders/frameworks (Vue.js, React).