I'm trying to implement a custom authentication (based on the JWT standard http://jwt.io/) and, looking at the mORMot code, I think it's not possible to implement it without "touching" the mORMot sessions, which I will not have.
So far what I was able to do was:
- Create my custom authentication method
- Register it and set BypassAuthentication = true on the service
- The client calls this auth method first to get a token, then sends this token on every request
- Then I override the TSQLRestRoutingREST.Authenticate method to validate the token
It works, but it doesn't feel "right".
Also, I can't call my interface IAuth because it conflicts with the one that mORMot registers. Looking at the code, it is implemented by TSQLRestServer.Auth (which is not virtual) and calls TSQLRestServerAuthentication.Auth, which relies on sessions.
It would be nice if I could override TSQLRestServer.Auth or if there was a base class (simpler than TSQLRestServerAuthentication) which didn't rely on sessions that I could use to implement this kind of Auth without overriding a lot of stuff.
Does it make sense?
Last edited by fabioxgn (2016-02-10 16:39:52)