Hi ab,
If my understanding is right, the current implementation of ComputeSignature does not work according to the standard. It should be something like this:
var signature: TSHA256Digest;
begin
...
//result := fHeaderB64+payload+'.'+ComputeSignature(payload); << current code
HMAC_SHA256(Private_key, fHeaderB64+payload, signature);
result := fHeaderB64+payload+'.'+BinToBase64URI(@signature, SizeOf(signature));
So as not to break current code, it could support both ways.
Private_key does not seem to be available at this point.
ab,
The result of my hacked code and the result of the original code are different. The result of the modified code is accepted by the 3rd party server. I think it is worth checking.
"The private key is supplied at constructor class level"
I saw this in the code, it is used to calculate the 1st part of the token (header) but it does not seem to be stored for later use.
Last edited by Leslie7 (2017-01-04 07:40:10)
I think I can understand your code somewhat better now: THMAC_SHA256 is created with the private key and it can be updated later without resupplying the key.
By looking deeper into your code I have realized that there is nothing wrong with it, and it gave me the idea to solve my problem. It works perfectly with the 3rd party server if TJWTHS256 is created with the right parameters. I have based my code on this line from the documentation, where the second parameter is 10:
j := TJWTHS256.Create('sec',10,[jrcIssuer,jrcExpirationTime,jrcIssuedAt,jrcJWTID],[],60);
Changing the second parameter to 0 is all it took to get it working.
Last edited by Leslie7 (2017-01-04 08:58:47)
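Added example, not part of the thread and not mORMot code: a Python sketch of why a token built with a non-zero second parameter is rejected by a standard HS256 verifier. It assumes that parameter is a PBKDF2 round count applied to the secret before HMAC (mORMot names it aSecretPBKDF2Rounds); the salt, claims and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def signing_key(secret: bytes, rounds: int, salt: bytes) -> bytes:
    # rounds == 0: the secret itself is the HMAC key, as RFC 7515 HS256 expects.
    # rounds > 0: the key is derived first, so only a peer doing the same
    # derivation (same salt, same round count) can verify the token.
    if rounds <= 0:
        return secret
    return hashlib.pbkdf2_hmac("sha256", secret, salt, rounds)

def sign_hs256(claims: dict, secret: bytes, rounds: int = 0) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"},
                               separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    # Assumption: the encoded header is used as the PBKDF2 salt.
    key = signing_key(secret, rounds, salt=header.encode("ascii"))
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(signature)}"

def verify_standard(token: str, secret: bytes) -> bool:
    """Verification as a third-party HS256 server does it: raw secret as key."""
    try:
        header, payload, signature = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return False  # pin the algorithm instead of trusting the header
    except (ValueError, AttributeError):
        return False
    expected = hmac.new(secret, f"{header}.{payload}".encode("ascii"),
                        hashlib.sha256).digest()
    return hmac.compare_digest(b64url(expected).encode(), signature.encode())

CLAIMS = {"iss": "example-issuer", "iat": 1483516800}  # constructed sample claims
SECRET = b"sec"

if __name__ == "__main__":
    for rounds in (0, 10):
        token = sign_hs256(CLAIMS, SECRET, rounds)
        print(f"rounds={rounds}: accepted={verify_standard(token, SECRET)}")
```

Both tokens carry the same header and payload; only the signature differs, which is why the mismatch shows up as a rejected token rather than a parse error.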