You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 Re: mORMot 1 » JWT with RS256, RS384 and RS512 » 2017-12-05 15:19:00
I've integrated the SynOpenSSL.pas small additions, but the rest needs more review.
See https://synopse.info/fossil/info/41a009ce3cThanks for sharing!
Great, that makes maintaince easier...
And a small fix in TJWTAsymetric.SetPublicKey:
The "FPublicKey := Value;" needs to be after the "if FPublicKey <> Value then"...
(Always nice those last moment changes...)
#2 mORMot 1 » JWT with RS256, RS384 and RS512 » 2017-12-05 13:17:05
- MCvanderKooij
- Replies: 7
Hi,
I have created this support for RS256, RS384 and RS512 in JWT using openssl.
Files are included in this zip:
https://www.dropbox.com/s/hnuf3qsgx3o52 … S.zip?dl=0
It needs a few additions to openssl.pas which is also included.
Both signing and verifying works. Feel free to use in mORMot (even better, because you will probably optimize it further :-) )
Kind regards,
Martijn
#3 Re: mORMot 1 » Problem with TJWTAbstract.Verify for 'external' tokens » 2017-12-01 20:11:35
Great, thanks, it makes creating my descendant a lot easier :-)
It is my intention to provide my RS256 / RS384 / RS512 JWS version as soon as I'm happy with the result, needs more testing now and probably some optimalizations.
I'm putting it in a separate unit for now.
#4 mORMot 1 » Problem with TJWTAbstract.Verify for 'external' tokens » 2017-12-01 10:07:08
- MCvanderKooij
- Replies: 2
Hi,
I'm trying to use the JWT classes to verify a token created by another server.
What i notice in the Verify that it is testing the signature against a recalculated/created header. However when the original token header contains extra information this will fail.
I think that CheckSignature should check the header and payload of the original token against the signature of that token.
The CheckSignature function could simply be:
function CheckSignature(const Token: RawUTF8): TJWTResult; virtual; abstract;
Or do i miss something?
Pages: 1