How can I integrate security with the eKuiper rule engine for REST API calls to the command service?

[ouroborosng]

Hi everyone

I'm new to EdgeX and using version 3.1 (Napa). My use case involves using an eKuiper rule to trigger a REST API call to the command microservice to turn on a fan when the temperature hits a certain level. I followed the documentation to create an EdgeX stream and a rule as follows.

# stream
curl -X DELETE $ekuiper_docker:59720/streams/dht11

# rule
curl -X POST \
  http://$ekuiper_docker:59720/rules \
  -H 'Content-Type: application/json' \
  -d '{
  "id": "FanPwmOver25DegreeCelsius",
  "sql": "SELECT temperature FROM dht11 WHERE temperature > 25",
  "actions": [
    {
      "rest": {
        "url": "http://edgex-core-command:59882/api/v3/device/name/raspberry-pi-device/control-fan",
        "method": "put",
        "dataTemplate": "{\"pwm\":\"80\"}",
        "headers": {
          "Authorization": "Bearer <hard coding token>"
        },
        "sendSingle": false
      }
    }
    }
  ]
}'

Issue

When creating the rule to call the EdgeX command microservice through the REST API, includes a hard coding JWT token. However, once this token expires, the API call will fail due to the invalid token.

I would like to ask if there is a better approach? Or how can I refresh this JWT token?

Thanks in advance.

[cloudxxx8]

JWT is not hardcoded. It's retrieved from the secret store dynamically. You may ask eKuiper how to inegrate with EdgeX JWT.
Or, you can use message bus to call the command
https://ekuiper.org/docs/en/latest/edgex/edgex_rule_engine_command.html#option-2-use-messaging-1

Run EdgeX with MQTT broker as the message bus
https://docs.edgexfoundry.org/3.1/microservices/general/messagebus/#mqtt-31
https://github.com/edgexfoundry/edgex-compose/tree/napa/compose-builder#gen

gen the compose file with mqtt-bus arugment

[ouroborosng]

Thank you for suggesting the message bus. I will give it a try.

Additionally, the eKuiper community discussion mentioned that integration can be done through the REST sink and that authentication is supported. Is there any information or resources on how to refresh the token in EdgeX?

Thank you!

[cloudxxx8]

It looks like the REST sink doesn't support the native EdgeX JWT integration. You should not always manually modify the JWT.
Please try the MQTT command approach.

[ouroborosng]

Does this mean there hasn't been a way yet to implement a refresh token with EdgeX JWT?

[cloudxxx8]

yes, it's doable, but requires some additional design and development

[ouroborosng]

Do you know if there's any documentation or examples available on this part? I have tried searching for the keyword "refresh token" within the documents, but I have not found any relevant information yet.

[cloudxxx8]

no, it's not an existing feature, so I said it requires additional design and development