#1 2017-12-01 10:07:08

MCvanderKooij
Member
From: Netherlands, Stadskanaal
Registered: 2017-12-01
Posts: 4
Website

Problem with TJWTAbstract.Verify for 'external' tokens

Hi,

I'm trying to use the JWT classes to verify a token created by another server.

What i notice in the Verify that it is testing the signature against a recalculated/created header. However when the original token header contains extra information this will fail.

I think that CheckSignature should check the header and payload of the original token against the signature of that token.
The CheckSignature function could simply be:
function CheckSignature(const Token: RawUTF8): TJWTResult; virtual; abstract;

Or do i miss something?

Offline

#2 2017-12-01 19:10:21

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,659
Website

Re: Problem with TJWTAbstract.Verify for 'external' tokens

In fact, we used a prepared THMAC_SHA256 instance, which is indeed expecting the generic header...
This results in a faster process, but also didn't work in your case.

Please check https://synopse.info/fossil/info/c66aac2400

Offline

#3 2017-12-01 20:11:35

MCvanderKooij
Member
From: Netherlands, Stadskanaal
Registered: 2017-12-01
Posts: 4
Website

Re: Problem with TJWTAbstract.Verify for 'external' tokens

Great, thanks, it makes creating my descendant a lot easier :-)

It is my intention to provide my RS256 / RS384 / RS512 JWS version as soon as I'm happy with the result, needs more testing now and probably some optimalizations.

I'm putting it in a separate unit for now.

Offline

Board footer

Powered by FluxBB