
The application I am developing is a team collaboration tool. This software should prevent unauthorized access. In order to implement this, I've used user and password-based authentication with two roles available - standard user and administrator.

This was implemented entirely in Python by using SQLAlchemy for interacting with the database, and PyQt for the user interface. For authentication, I am calling a User Management System to get a token:

Request Body:

```json
{
  "username": "messaing_platform",
  "password": "132465"
}
```

Response Body:

```json
{
    "apiData": {
        "navigationList": [],
        "userId": "messaing_platform",
        "userName": "messaing_platform",
        "email": "messaing_platform@erainfotechbd.com",
        "cellNo": "01255",
        "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJVc2VySWQiOiJjcyIsIm5iZiI6MTY1OTUyNzcxOCwiZXhwIjoxNjYwMTMyNTE4LCJpYXQiOjE2NTk1Mjc3MThasdasd9.4lkEv-TpwIyYcldXfKucy3ynewhbuUFgjtdnKm7ymjE",
        "page": 0,
        "pageSize": 0,
        "searchString": null,
        "skip": 0
    },
    "message": "Record has been saved.",
    "isExecute": true,
    "totalRecord": 0
}
```

Now, I want to save this token in the PyQt user interface and if the token is expired, then the user should be logged out from the application. How can I do that?

Christopher Marlowe
  • Store it in a file inside the user profile, maybe using [QSettings](https://doc.qt.io/qt-5/qsettings.html)? – musicamante Aug 03 '22 at 13:07
  • The token appears to be a JSON Web Token, [which can be parsed](https://stackoverflow.com/q/59425161/984421) to extract the expiry date/time and various other details. However, the actual token given in your example isn't valid, so it can't be fully parsed. With a little hacking, I can extract the header and the first four fields of the payload, but the signature isn't correctly encoded. Did you edit it, or somehow not copy it into your question properly? Anyway, supposing you have a valid token, you can extract the expiry date/time and simply use a QTimer to log out at the appropriate moment. – ekhumoro Aug 03 '22 at 13:33
  • @ekhumoro, I have changed the token to make it wrong as I don't want to share the token in the public forum. But I have got your idea. Thanks a lot. – Christopher Marlowe Aug 04 '22 at 06:53
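
The approach suggested in the comments (read the JWT's `exp` claim, then arm a `QTimer`), written out as an added example that is not part of the original thread. The function names, the `on_logout` callback, the 30-second skew and the sample token are assumptions made for illustration; PyQt5 is assumed for the timer call.

```python
import base64
import json
import time

QT_MAX_MS = 2**31 - 1  # QTimer intervals are a signed 32-bit count of milliseconds


def jwt_expiry(token):
    """Return the 'exp' claim (Unix seconds) from a JWT payload, or None.

    The signature is NOT verified: the client does not hold the signing key.
    Use the result only to schedule the UI logout; the server still decides.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return None
    return exp


def ms_until_logout(token, now=None, skew=30):
    """Milliseconds to wait before logging out; 0 means log out immediately."""
    exp = jwt_expiry(token)
    if exp is None:  # unparseable token or no expiry: fail closed
        return 0
    now = time.time() if now is None else now
    # Log out `skew` seconds early; very long lifetimes are capped to Qt's limit.
    return max(0, min(int((exp - skew - now) * 1000), QT_MAX_MS))


def arm_logout(token, on_logout):
    """Call inside a running Qt application; on_logout is the app's own slot."""
    from PyQt5.QtCore import QTimer  # imported here so the parsing works without Qt
    QTimer.singleShot(ms_until_logout(token), on_logout)


def make_sample_token(claims):
    """Build a constructed sample token (placeholder signature) for testing."""
    def b64url(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64url({"alg": "HS256", "typ": "JWT"}), b64url(claims), "sig-placeholder"])
```

Call `arm_logout` again whenever a new token is obtained, and still treat a rejected request from the server as a logout, since the local timer is only a convenience.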
