Parsing JWT from keycloak (custom header)

cadnan · 2024-01-17 10:07:37

I am just giving keycloak as an example of a problem.

Keycloak generates a JWT with the following header, for example:

{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "Ov1FFK-avlBR40w6MHNNdCkR5Rl4QcL-STw7h2H11fc"
}

When parsing token this if line is activated in mormot.crypt.jwt, line 1074:

if (toklen <= headerlen) or
    not CompareMem(pointer(fHeaderB64), tok, headerlen) then
    exit;

I suspect that fHeaderB64 is created with the following "template" in mind:

if fHeader = '' then
  FormatUtf8('{"alg":"%","typ":"JWT"}', [aAlgorithm], fHeader);

Any idea what would be a recommended course of action for me here?

Thanks!

cadnan · 2024-01-17 10:26:28

I think I found the solution for this.

Once you instantiate a TJwtCrypt class (or similar) you can set Options to [joHeaderParse].
In case I am doing it wrong, please let me know.

Thanks,
+adnan

ab · 2024-01-17 17:27:21

This is indeed the way to go with custom/extended headers.

mORMot Open Source