MVS Toolkit

Hello,

We would like to use MVS Toolkit with either a web page or a Flutter app.
Specifically, I am looking for an example of user authentication. Did you write your own subroutine for tokens?
We would like to create a simple shopping cart application. Any suggestions will be appreciated.

Thank you,

Chris

------------------------------
Chris Wolcz
Senior Software Developer
Rocket Forum Shared Account
Clifton Park NY United States
------------------------------

Hey, Chris, I remembered that a friend of mine, @Michael Nicklas, also a member of this Forum, has solved the concept of user/password authentication with the Toolkit. I've reached out to him to discuss. Maybe he'll see this post and reply!

------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------

Hey, Chris, I remembered that a friend of mine, @Michael Nicklas, also a member of this Forum, has solved the concept of user/password authentication with the Toolkit. I've reached out to him to discuss. Maybe he'll see this post and reply!

------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------

Chris,  Yes the  MVS Toolkit  using JSON is the way I was able to create a login page that  passes data to D3 and then
I used a Subroutine to control how I handle that info as well as pass back  response. What I used it for was to  pass a
compliance issue by showing  the ability to email  a special code that was  needed to finish the logon process.
So if you are good at making a web page then this is process for you.

l hope this helps.



------------------------------
Michael Nicklas
president
Mnm Software Services
Apple Valley CA United States
------------------------------

Chris,  Yes the  MVS Toolkit  using JSON is the way I was able to create a login page that  passes data to D3 and then
I used a Subroutine to control how I handle that info as well as pass back  response. What I used it for was to  pass a
compliance issue by showing  the ability to email  a special code that was  needed to finish the logon process.
So if you are good at making a web page then this is process for you.

l hope this helps.



------------------------------
Michael Nicklas
president
Mnm Software Services
Apple Valley CA United States
------------------------------

Michael,

 

Thank you for your response. If it is not a trade secret, would you mind sharing some code examples?

Do you recommend any extra security measures? E.g.  generate a new token for every transaction, tracking IP or MAC address?

Any recommendation on token length?

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

Hello,

We would like to use MVS Toolkit with either a web page or a Flutter app.
Specifically, I am looking for an example of user authentication. Did you write your own subroutine for tokens?
We would like to create a simple shopping cart application. Any suggestions will be appreciated.

Thank you,

Chris

------------------------------
Chris Wolcz
Senior Software Developer
Rocket Forum Shared Account
Clifton Park NY United States
------------------------------

Hello Chris

I work with Rocketd3 and mvstoolkit and I have managed to make the connection type Basic Auth and Type Bear Token. I share my experience and code of the programs. I hope this information solves your question.

Type  Basic Auth

In this case you only get the user and password data that are sent in the header from the api.

Example:

 ***********OBTENGO  USUARIO DESDE LA CABECERA**************  

 INCLUDE CORS_Headers                                         

 CALL MVSP.GET.HTTP.REQUEST.HEADER(RESPONSE)                  

 USR=TRIM(RESPONSE<2,1>[7,100])                               

 long=LEN(USR)                                                

 ***********DECODIFICO USER*******************************    

 IF USR # "WHATEVER" THEN                     

  error = "2000"   ;**2000 usuario incorrecto                 

  RETURN                                                       

 END  

 

Type Bearer Token

If you need to generate a JWT, you could do it in the following way, I use Python to generate it and I execute it from a pick program I share the example code.

 

SUBROUTINE LOGIN(response)

       ******************************************************************

       *   Verifica si usuario Existe

       *   FPAREDES 31 AGOSTO 2020

       ******************************************************************

       *

       *

       OPEN "D3PYTHON" TO FPYTHON ELSE

          RESPONSE = "No se Encontro el Archivo D3PYTHON "

          RETURN

       END

      

       ***********Verifica que usuario y contrase¤a sean correctos**********

       OPEN "USUARIOS" TO FUSUARIO ELSE

          RESPONSE = "No se Encontro el Archivo USUARIOS "

          RETURN

       END

 

       OPEN "TOKEN" TO FTOKEN ELSE

          RESPONSE = "No se Encontro el Archivo TOKEN "

          RETURN

       END

       ***********OBTENGO  USUARIO DESDE LA CABECERA**************

       INCLUDE CORS_Headers

       CALL MVSP.GET.HTTP.REQUEST.HEADER(RESPONSE)

       USR=TRIM(RESPONSE<2,1>[7,100])

       long=LEN(USR)

       ***********DECODIFICO USER*******************************

       R1=''

       READ R1 FROM FPYTHON,"decode64.py" THEN

        R1<1>="import base64"

        R1<2>="encoded = '":USR:"'"

        R1<3>="data = base64.b64decode(encoded)"

        R1<4>="print(data)"

        WRITE R1 ON FPYTHON,"decode64.py"

       END ELSE

        R1<1>="import base64"

        R1<2>="encoded = '":USR:"'"

        R1<3>="data = base64.b64decode(encoded)"

        R1<4>="print(data)"

        WRITE R1 ON FPYTHON,"decode64.py"

       END

       SEL1 = "python C:\\D3PYTHON\\decode64.py"

       EXECUTE SEL1 CAPTURING JJ

       IDUSR=JJ<1>

       USR=FIELD(IDUSR,':',1); **USR

       PASS=FIELD(IDUSR,':',2); **PASS

       USER=OCONV(USR,"G1'1")

       PASSWORD=OCONV(PASS,"G0'1")

       *********************************************************

       R=''

       READ R FROM FUSUARIO,USER THEN

          IF PASSWORD # R<1> THEN

             RESPONSE = "Password incorrecto"

             RETURN

          END ELSE

             R1=''

             READ R1 FROM FPYTHON,"login.py" THEN

                R1<1>="import jwt"

                R1<2>="from time import time"

                R1<3>='secret_key = "clavemexico"'

                R1<4>="token = jwt.encode({"

                R1<5>="'user': '":user:"',"

                R1<6>="'password': '":password:"',"

                R1<7>="'exp': time() + 300"

                R1<8>="}, secret_key, algorithm='HS256').decode('utf-8')"

                R1<9>="print(token)"

                WRITE R1 ON FPYTHON,"login.py"

             END ELSE

                R1<1>="import jwt"

                R1<2>="from time import time"

                R1<3>='secret_key = "clavemexico"'

                R1<4>="token = jwt.encode({"

                R1<5>="'user': '":user:"',"

                R1<6>="'password': '":password:"',"

                R1<7>="'exp': time() + 300"

                R1<8>="}, secret_key, algorithm='HS256').decode('utf-8')"

                R1<9>="print(token)"

                WRITE R1 ON FPYTHON,"login.py"

             END

             SEL = "python C:\\D3PYTHON\\login.py"

             EXECUTE SEL CAPTURING XX

             RESPONSE=XX<1>

             ********GRABA ARCHIVO TOKEN***************

             CLAVE=DATE():"*":TIME()

             R2=''

             READ R2 FROM FTOKEN,CLAVE THEN

               R2<1>=RESPONSE

               R2<2>=DATE()

               R2<3>=TIME()

               R2<4>=user

               WRITE R2 ON FTOKEN,CLAVE

             END ELSE

               R2<1>=RESPONSE

               R2<2>=DATE()

               R2<3>=TIME()

               R2<4>=user

               WRITE R2 ON FTOKEN,CLAVE

             END

          END

       END ELSE

          RESPONSE = "Usuario ":USER:" no existe"

          RETURN

       END      

       RETURN

 
Python programs to get JWT.

login.py                                                 

import jwt

from time import time

secret_key = "clavemexico"

token = jwt.encode({

'user': 'mexico',

'password': 'TijFGWIZSSFD',

'exp': time() + 300

}, secret_key, algorithm='HS256').decode('utf-8')

print(token)

 

 

decode64.py

import base64

encoded = 'd29jY3U6VGlqRkdXSVo='

data = base64.b64decode(encoded)

print(data)

 

valida.py

import jwt

secret_key = "clavemexico"

token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoid29jY3UiLCJwYXNzd29yZCI6IlRpakZHV0laIiwiZXhwIjoxNTk5MTA1MjA3LjY1MjYwNDh9.iM0U8MlbqSn9GzeSIUM3v_GrBpzyGTYPLjFUKUMdWQ0'

payload = jwt.decode(token, secret_key, algorithms=['HS256'])

print(payload)"

Regards
Fausto Paredes

------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador
------------------------------

Hello Chris

I work with Rocketd3 and mvstoolkit and I have managed to make the connection type Basic Auth and Type Bear Token. I share my experience and code of the programs. I hope this information solves your question.

Type  Basic Auth

In this case you only get the user and password data that are sent in the header from the api.

Example:

 ***********OBTENGO  USUARIO DESDE LA CABECERA**************  

 INCLUDE CORS_Headers                                         

 CALL MVSP.GET.HTTP.REQUEST.HEADER(RESPONSE)                  

 USR=TRIM(RESPONSE<2,1>[7,100])                               

 long=LEN(USR)                                                

 ***********DECODIFICO USER*******************************    

 IF USR # "WHATEVER" THEN                     

  error = "2000"   ;**2000 usuario incorrecto                 

  RETURN                                                       

 END  

 

Type Bearer Token

If you need to generate a JWT, you could do it in the following way, I use Python to generate it and I execute it from a pick program I share the example code.

 

SUBROUTINE LOGIN(response)

       ******************************************************************

       *   Verifica si usuario Existe

       *   FPAREDES 31 AGOSTO 2020

       ******************************************************************

       *

       *

       OPEN "D3PYTHON" TO FPYTHON ELSE

          RESPONSE = "No se Encontro el Archivo D3PYTHON "

          RETURN

       END

      

       ***********Verifica que usuario y contrase¤a sean correctos**********

       OPEN "USUARIOS" TO FUSUARIO ELSE

          RESPONSE = "No se Encontro el Archivo USUARIOS "

          RETURN

       END

 

       OPEN "TOKEN" TO FTOKEN ELSE

          RESPONSE = "No se Encontro el Archivo TOKEN "

          RETURN

       END

       ***********OBTENGO  USUARIO DESDE LA CABECERA**************

       INCLUDE CORS_Headers

       CALL MVSP.GET.HTTP.REQUEST.HEADER(RESPONSE)

       USR=TRIM(RESPONSE<2,1>[7,100])

       long=LEN(USR)

       ***********DECODIFICO USER*******************************

       R1=''

       READ R1 FROM FPYTHON,"decode64.py" THEN

        R1<1>="import base64"

        R1<2>="encoded = '":USR:"'"

        R1<3>="data = base64.b64decode(encoded)"

        R1<4>="print(data)"

        WRITE R1 ON FPYTHON,"decode64.py"

       END ELSE

        R1<1>="import base64"

        R1<2>="encoded = '":USR:"'"

        R1<3>="data = base64.b64decode(encoded)"

        R1<4>="print(data)"

        WRITE R1 ON FPYTHON,"decode64.py"

       END

       SEL1 = "python C:\\D3PYTHON\\decode64.py"

       EXECUTE SEL1 CAPTURING JJ

       IDUSR=JJ<1>

       USR=FIELD(IDUSR,':',1); **USR

       PASS=FIELD(IDUSR,':',2); **PASS

       USER=OCONV(USR,"G1'1")

       PASSWORD=OCONV(PASS,"G0'1")

       *********************************************************

       R=''

       READ R FROM FUSUARIO,USER THEN

          IF PASSWORD # R<1> THEN

             RESPONSE = "Password incorrecto"

             RETURN

          END ELSE

             R1=''

             READ R1 FROM FPYTHON,"login.py" THEN

                R1<1>="import jwt"

                R1<2>="from time import time"

                R1<3>='secret_key = "clavemexico"'

                R1<4>="token = jwt.encode({"

                R1<5>="'user': '":user:"',"

                R1<6>="'password': '":password:"',"

                R1<7>="'exp': time() + 300"

                R1<8>="}, secret_key, algorithm='HS256').decode('utf-8')"

                R1<9>="print(token)"

                WRITE R1 ON FPYTHON,"login.py"

             END ELSE

                R1<1>="import jwt"

                R1<2>="from time import time"

                R1<3>='secret_key = "clavemexico"'

                R1<4>="token = jwt.encode({"

                R1<5>="'user': '":user:"',"

                R1<6>="'password': '":password:"',"

                R1<7>="'exp': time() + 300"

                R1<8>="}, secret_key, algorithm='HS256').decode('utf-8')"

                R1<9>="print(token)"

                WRITE R1 ON FPYTHON,"login.py"

             END

             SEL = "python C:\\D3PYTHON\\login.py"

             EXECUTE SEL CAPTURING XX

             RESPONSE=XX<1>

             ********GRABA ARCHIVO TOKEN***************

             CLAVE=DATE():"*":TIME()

             R2=''

             READ R2 FROM FTOKEN,CLAVE THEN

               R2<1>=RESPONSE

               R2<2>=DATE()

               R2<3>=TIME()

               R2<4>=user

               WRITE R2 ON FTOKEN,CLAVE

             END ELSE

               R2<1>=RESPONSE

               R2<2>=DATE()

               R2<3>=TIME()

               R2<4>=user

               WRITE R2 ON FTOKEN,CLAVE

             END

          END

       END ELSE

          RESPONSE = "Usuario ":USER:" no existe"

          RETURN

       END      

       RETURN

 
Python programs to get JWT.

login.py                                                 

import jwt

from time import time

secret_key = "clavemexico"

token = jwt.encode({

'user': 'mexico',

'password': 'TijFGWIZSSFD',

'exp': time() + 300

}, secret_key, algorithm='HS256').decode('utf-8')

print(token)

 

 

decode64.py

import base64

encoded = 'd29jY3U6VGlqRkdXSVo='

data = base64.b64decode(encoded)

print(data)

 

valida.py

import jwt

secret_key = "clavemexico"

token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoid29jY3UiLCJwYXNzd29yZCI6IlRpakZHV0laIiwiZXhwIjoxNTk5MTA1MjA3LjY1MjYwNDh9.iM0U8MlbqSn9GzeSIUM3v_GrBpzyGTYPLjFUKUMdWQ0'

payload = jwt.decode(token, secret_key, algorithms=['HS256'])

print(payload)"

Regards
Fausto Paredes

------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador
------------------------------

Fausto,

Thank you for your response. It is very helpful.
We haven't use Python much but it seems like the easiest option. I think that D3 does not accept ASCII 255 characters in variables. Did you ever run into a problem with "ASCII 255" characters when capturing output from Python?

Thanks,

Chris

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

Fausto,

Thank you for your response. It is very helpful.
We haven't use Python much but it seems like the easiest option. I think that D3 does not accept ASCII 255 characters in variables. Did you ever run into a problem with "ASCII 255" characters when capturing output from Python?

Thanks,

Chris

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

Hello Chris

If you refer to special characters like Ñ or tildes (á,é,í,ó,ú), I convert them with a subroutine.

I attach an example that could help you.

SUBROUTINE CONVUTF8(TXT)
    **FORMATO PARA TILDES Y N EN ESPANOL
    **FPAREDES 24-AGO-2020
    TXT = SWAP(TXT, CHAR(195):CHAR(145), CHAR(165)); * Ñ
    TXT = SWAP(TXT, CHAR(195):CHAR(177), CHAR(164)); * ñ    
    TXT = SWAP(TXT, CHAR(195):CHAR(129), CHAR(65)); * A
    TXT = SWAP(TXT, CHAR(195):CHAR(161), CHAR(160)); * á
    TXT = SWAP(TXT, CHAR(193), CHAR(65)); * A
    TXT = SWAP(TXT, CHAR(225), CHAR(160)); * a
    TXT = SWAP(TXT, CHAR(195):CHAR(137), CHAR(69)); * E
    TXT = SWAP(TXT, CHAR(195):CHAR(169), CHAR(130)); * é
    TXT = SWAP(TXT, CHAR(233), CHAR(130)); * e
    TXT = SWAP(TXT, CHAR(195):CHAR(141), CHAR(73)); * I
    TXT = SWAP(TXT, CHAR(195):CHAR(173), CHAR(161)); * i
    TXT = SWAP(TXT, CHAR(237), CHAR(161)); * i
    TXT = SWAP(TXT, CHAR(195):CHAR(147), CHAR(79)); * O
    TXT = SWAP(TXT, CHAR(195):CHAR(179), CHAR(162)); * ó
    TXT = SWAP(TXT, CHAR(243), CHAR(162)); * a
    TXT = SWAP(TXT, CHAR(195):CHAR(154), CHAR(85)); * U
    TXT = SWAP(TXT, CHAR(195):CHAR(186), CHAR(163)); * ú
    TXT = SWAP(TXT, CHAR(250), CHAR(163)); * u
RETURN

------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador
------------------------------

Hello Chris

If you refer to special characters like Ñ or tildes (á,é,í,ó,ú), I convert them with a subroutine.

I attach an example that could help you.

SUBROUTINE CONVUTF8(TXT)
    **FORMATO PARA TILDES Y N EN ESPANOL
    **FPAREDES 24-AGO-2020
    TXT = SWAP(TXT, CHAR(195):CHAR(145), CHAR(165)); * Ñ
    TXT = SWAP(TXT, CHAR(195):CHAR(177), CHAR(164)); * ñ    
    TXT = SWAP(TXT, CHAR(195):CHAR(129), CHAR(65)); * A
    TXT = SWAP(TXT, CHAR(195):CHAR(161), CHAR(160)); * á
    TXT = SWAP(TXT, CHAR(193), CHAR(65)); * A
    TXT = SWAP(TXT, CHAR(225), CHAR(160)); * a
    TXT = SWAP(TXT, CHAR(195):CHAR(137), CHAR(69)); * E
    TXT = SWAP(TXT, CHAR(195):CHAR(169), CHAR(130)); * é
    TXT = SWAP(TXT, CHAR(233), CHAR(130)); * e
    TXT = SWAP(TXT, CHAR(195):CHAR(141), CHAR(73)); * I
    TXT = SWAP(TXT, CHAR(195):CHAR(173), CHAR(161)); * i
    TXT = SWAP(TXT, CHAR(237), CHAR(161)); * i
    TXT = SWAP(TXT, CHAR(195):CHAR(147), CHAR(79)); * O
    TXT = SWAP(TXT, CHAR(195):CHAR(179), CHAR(162)); * ó
    TXT = SWAP(TXT, CHAR(243), CHAR(162)); * a
    TXT = SWAP(TXT, CHAR(195):CHAR(154), CHAR(85)); * U
    TXT = SWAP(TXT, CHAR(195):CHAR(186), CHAR(163)); * ú
    TXT = SWAP(TXT, CHAR(250), CHAR(163)); * u
RETURN

------------------------------
Fausto Paredes
GENERAL MANAGER
Admindysad Cia. Ltda.
Quito Ecuador
------------------------------

Fausto,

MR. Cram said: "ASCII 255 ( xFF ) is a Pick ( D3 and everybody else ) reserved character called a "segment" mark. It signifies the end of a string or the end of an item."

I remember having a problem with it, when handled an encrypted string. :)

Regards,

Chris

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

Fausto,

MR. Cram said: "ASCII 255 ( xFF ) is a Pick ( D3 and everybody else ) reserved character called a "segment" mark. It signifies the end of a string or the end of an item."

I remember having a problem with it, when handled an encrypted string. :)

Regards,

Chris

------------------------------
Chris Wolcz
Senior Software Developer
Execontrol Global Solutions
Clifton Park NY United States
------------------------------

Still researching about whether xFF ( char(255) ) is the string termination character. In trying to test that theory, we tried concatenating some normal characters fore and aft of a segment mark ( var = "aaa":char(255):"bbb". I figured that the char(255) would truncate the string after "aaa", but I was wrong. I'm guessing that there's something in BASIC that rejects insertion of a char(255) into a string ( would make senses ). I'm still researching.

------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------

Still researching about whether xFF ( char(255) ) is the string termination character. In trying to test that theory, we tried concatenating some normal characters fore and aft of a segment mark ( var = "aaa":char(255):"bbb". I figured that the char(255) would truncate the string after "aaa", but I was wrong. I'm guessing that there's something in BASIC that rejects insertion of a char(255) into a string ( would make senses ). I'm still researching.

------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------

Hy i ussualy use this subroutine to clean up strings

you just need to ajust or remove the precision statement... 

and call the subroutine, it will clean up all the "non-printable" chars, fix others unicodes from differents charsets, and convert special chars to normal char

------------------------------
Alberto Leal
System Analist
Millano Distribuidora de Auto Pecas Ltda
Varzea Grande MT Brazil
------------------------------