Pages: 1

#1 2019-03-25 13:31:51

mapes
Member
Registered: 2016-10-30
Posts: 16

TJWTAbstract.Verify

Hi,

j := TJWTS3512.Create(JWTLoginSecret, JWTIterationCount, [jrcIssuer, jrcSubject, jrcExpirationTime,jrcIssuedAt,jrcAudience, jrcJWTID], [], 60);
j.Verify(data, jc,[jrcIssuedAt,jrcAudience]);

if data contain IssuedAt claim, gets verified even if is in  Excluded claims.

Is it expected behaviour?

Offline

#2 2019-03-25 18:43:45

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,238
Website

Re: TJWTAbstract.Verify

I guess so...

Offline

#3 2019-03-26 07:18:24

mapes
Member
Registered: 2016-10-30
Posts: 16

Re: TJWTAbstract.Verify

Ok.

But if local time used for TJWTAbstract.Compute > server time,

j.Verify = jwtInvalidIssuedAt.

Is there a way to compute from Server TimeStamp ?

Offline

Pages: 1

Board footer

Powered by FluxBB