Not real passkeys.
What I have implemented on a few internal apps is use of a one-time token.
Somebody is logged into a SQL report server and part of running certain reports generates a GUID token in a SQL database. The table has an expiration date/time.
They can then link from the report server to one of my internal web apps with a URL that passes that token and specifies an internal "Connect" netWebPage.
The webHandler has an overload of p_web.Authenticate that just has a single parameter for pBearerToken.
That version of the method validates the token against the list in SQL. If valid, then it falls into my code for setting permissions and stuff just like a regular name/password login.
I'm sure there are more elegant options for passing the token.
What I did is
1. Create a NetWebPage which I call Connect
2. In the Connect page, there's a local variable
_token STRING(40)
3. In the Connect page, shortly after the CODE statement, I have the following code:
  _token = p_web.GetValue('c')
  IF p_web.Authenticate(_token)
    p_web.Script('window.location.replace("/IndexPage");')
  ELSE
    p_web.Script('window.location.replace("/LoginForm");')
  END ! if
4. My SQL report has a link to pass the token to the web app
theWebAppURL/Connect?c=[THE TOKEN VALUE]
This was quicker to throw together for an internal app, rather than trying to come up with a correct implementation of basic authentication. But regardless of how you snag the token that's passed to you, you can use the pBearerToken version of p_web.Authenticate.
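The token check this post describes (a GUID row with an expiration date/time, validated when the Connect page receives it) is sketched below as an added example; it is not the poster's code or part of NetTalk. It uses Python with an in-memory SQLite table standing in for the SQL database, and the table name, the `user_name` and `used_at` columns, and the 60-second lifetime are assumptions. Because the token travels in the URL, the check marks it used in the same statement that validates it, so a link replayed from browser history or a log fails.

```python
import sqlite3
import uuid
from datetime import timedelta, timezone

# Hypothetical schema: the post only says the table holds a GUID token and an
# expiration date/time; user_name and used_at are assumptions of this sketch.
SCHEMA = """CREATE TABLE report_token (
    token      TEXT PRIMARY KEY,
    user_name  TEXT NOT NULL,
    expires_at TEXT NOT NULL,  -- UTC, ISO 8601 text
    used_at    TEXT            -- NULL until redeemed
)"""


def utc_text(dt):
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")


def open_demo_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def issue_token(db, user_name, now, ttl_seconds=60):
    """Report-server side: store a random GUID token with a short lifetime."""
    token = str(uuid.uuid4())
    db.execute("INSERT INTO report_token (token, user_name, expires_at) VALUES (?, ?, ?)",
               (token, user_name, utc_text(now + timedelta(seconds=ttl_seconds))))
    db.commit()
    return token


def redeem_token(db, token, now):
    """Web-app side: return the user name for a valid token, else None."""
    if not token or len(token) > 40:  # the Connect page reads it into STRING(40)
        return None
    # One UPDATE checks expiry and marks the token used, so a replayed or
    # concurrent request with the same token matches zero rows.
    cur = db.execute("UPDATE report_token SET used_at = ? "
                     "WHERE token = ? AND used_at IS NULL AND expires_at > ?",
                     (utc_text(now), token, utc_text(now)))
    db.commit()
    if cur.rowcount != 1:
        return None
    row = db.execute("SELECT user_name FROM report_token WHERE token = ?", (token,)).fetchone()
    return row[0]
```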