#1 2017-10-30 10:17:24

oz
Member
Registered: 2015-09-02
Posts: 95

JWT Authentication

Hi Arnaud,
I need to implement JWT-only authentication for one of my projects. I can rely on the bricks already present right now; first tests show it is working great. But I am asking myself whether it wouldn't be better to implement a TSQLRestServerAuthenticationJWT for better integration with the general mORMot authentication scheme. What's your opinion on that topic? Any advice would be appreciated.
Thanks, oz.


#2 2017-10-30 20:21:34

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,240

Re: JWT Authentication

There is no notion of session in JWT, but it is a token which gives you access rights.
So there is little benefit with respect to existing authentication schemes.
There is already a SHA-256 hashing of the session signature available, if such kind of security is needed.

Otherwise, if you don't need a session, there is already JWT support in mORMot, by using TSQLRestServerURIContext.AuthenticationCheck for method-based services, and also TSQLRestServer.JWTForUnauthenticatedRequest.
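
The method-based route mentioned in the reply above, as an added example that is not part of the original thread or of the mORMot sources: a published method that gates itself with `AuthenticationCheck` on a server created without session handling. `TDemoServer`, `WhoAmI`, the secret, the issuer/subject values and the 15-minute lifetime are all assumptions chosen for illustration, and the code targets the mORMot 1.18 units `SynCommons`, `SynCrypto` and `mORMot`.

```pascal
program JwtMethodAuthDemo;
{$APPTYPE CONSOLE}
uses
  SysUtils, SynCommons, SynCrypto, mORMot;

type
  // hypothetical server class for this example, not part of mORMot
  TDemoServer = class(TSQLRestServerFullMemory)
  protected
    fJWT: TJWTAbstract;
  public
    constructor Create(aModel: TSQLModel); reintroduce;
    destructor Destroy; override;
    property JWT: TJWTAbstract read fJWT;
  published
    // GET demo/whoami, expects an "Authorization: Bearer <JWT>" header
    procedure WhoAmI(Ctxt: TSQLRestServerURIContext);
  end;

constructor TDemoServer.Create(aModel: TSQLModel);
begin
  inherited Create(aModel, false); // aHandleUserAuthentication=false: no sessions
  // constructed secret: a real deployment loads it from protected storage
  fJWT := TJWTHS256.Create('constructed-demo-secret', 1000,
    [jrcIssuer, jrcSubject, jrcExpirationTime], [], 15); // tokens expire after 15 min
end;

destructor TDemoServer.Destroy;
begin
  inherited Destroy;
  fJWT.Free;
end;

procedure TDemoServer.WhoAmI(Ctxt: TSQLRestServerURIContext);
begin
  // on failure AuthenticationCheck has already set the error response
  if Ctxt.AuthenticationCheck(fJWT) then
    Ctxt.Returns(['subject', Ctxt.JWTContent.reg[jrcSubject]]);
end;

var
  model: TSQLModel;
  server: TDemoServer;
  token: RawUTF8;
begin
  model := TSQLModel.Create([], 'demo');
  server := TDemoServer.Create(model);
  token := server.JWT.Compute([], 'demo-issuer', 'demo-user');
  writeln('valid token accepted:    ', server.JWT.Verify(token) = jwtValid);
  writeln('tampered token accepted: ', server.JWT.Verify(token + 'x') = jwtValid);
  server.Free;
  model.Free;
end.
```

Every protected method has to make the same call, since nothing on the server remembers an earlier successful check.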
