In a volttron web enabled agent, I would like to provide custom security based on jwt token. The token shall be sent with the http header of the request.
I already tried to debug the volttron stack, but didn't find a hint where the header was handled or removed.
I would like to get the header information as part of the environment (env).
You can get the HTTP_AUTHORIZATION header from the call to the web endpoint. Then you can validate that by passing that to the vip.web.get_user_claims(bearer) subsystem call.
https://github.com/VOLTTRON/volttron/blob/develop/volttron/platform/vip/agent/subsystems/web.py#L75
''''
def text(self, env, data): claims = self.vip.web.get_user_claims(env.get('HTTP_AUTHORIZATION'))
Note I don't include the bearer error.
Craig