#1 2017-12-01 10:07:08

MCvanderKooij
Member
From: Netherlands, Stadskanaal
Registered: 2017-12-01
Posts: 4

Problem with TJWTAbstract.Verify for 'external' tokens

Hi,

I'm trying to use the JWT classes to verify a token created by another server.

What I notice in Verify is that it is testing the signature against a recalculated/created header. However, when the original token header contains extra information, this will fail.

I think that CheckSignature should check the header and payload of the original token against the signature of that token.
The CheckSignature function could simply be:
function CheckSignature(const Token: RawUTF8): TJWTResult; virtual; abstract;

Or am I missing something?

Offline

#2 2017-12-01 19:10:21

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,272

Re: Problem with TJWTAbstract.Verify for 'external' tokens

In fact, we used a prepared THMAC_SHA256 instance, which is indeed expecting the generic header...
This results in a faster process, but also didn't work in your case.

Please check https://synopse.info/fossil/info/c66aac2400

Offline
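
The failure discussed in posts #1 and #2, as an added Python sketch (not mORMot code and not written by either poster): an HS256 check that MACs a regenerated generic header rejects a valid external token carrying an extra header field, while a check over the received `header.payload` bytes accepts it. The generic header bytes, the `kid` field, the key and both tokens are constructed assumptions; pinning `alg` is an added caveat, since the received header becomes untrusted input once it is no longer rebuilt.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    # Constructed issuer: compact JWS = b64url(header).b64url(payload).b64url(mac)
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload))
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

# Assumption: the verifier's own fixed header, standing in for the "generic header".
GENERIC_HEADER = b64url(b'{"alg":"HS256","typ":"JWT"}')

def verify_with_rebuilt_header(token: str, key: bytes) -> bool:
    # Behaviour described in post #1: the received header is ignored and the
    # MAC is computed over a regenerated header plus the received payload.
    _, payload_b64, sig_b64 = token.split(".")
    expected = hmac.new(key, (GENERIC_HEADER + "." + payload_b64).encode(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))

def verify_original_bytes(token: str, key: bytes) -> bool:
    # MAC over the exact bytes received, as the issuer signed them.
    parts = token.split(".")
    if len(parts) != 3:
        return False
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    # The header is attacker-controlled here, so pin the algorithm explicitly.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    expected = hmac.new(key, (header_b64 + "." + payload_b64).encode(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)

KEY = b"constructed-demo-key"  # constructed sample key
GENERIC_TOKEN = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "alice"}, KEY)
EXTERNAL_TOKEN = sign_hs256({"alg": "HS256", "typ": "JWT", "kid": "k1"},
                            {"sub": "alice"}, KEY)
```
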

#3 2017-12-01 20:11:35

MCvanderKooij
Member
From: Netherlands, Stadskanaal
Registered: 2017-12-01
Posts: 4

Re: Problem with TJWTAbstract.Verify for 'external' tokens

Great, thanks, it makes creating my descendant a lot easier :-)

It is my intention to provide my RS256 / RS384 / RS512 JWS version as soon as I'm happy with the result; it needs more testing now and probably some optimizations.

I'm putting it in a separate unit for now.

Offline
