I'm implementing JWT authentication in my project. Previously I was using a third-party JWT library and storing the token in a cookie, so it was transparent on the client side as the cookie was sent on every request.
Now I've replaced the JWT implementation on the server side and everything is OK.
But I can't figure out how to send the token back to the server after I get it on the client side, right now what I have is:
- Client sends login/password to server
- Server authenticates and returns the token (string)
This is working just fine, but on the client I need to read the token payload, so what I did was something like this:
var
  FToken: RawUTF8;   // token string returned by the login call
  Token: TJWTHS256;
  JWT: TJWTContent;  // decoded header/claims/payload filled by Verify()
  UserID: RawUTF8;
begin
  FToken := LoginService.Login(AUserName, APassword);
  if TJWTAbstract.VerifyPayload(FToken, '', 'Monde', '') <> jwtValid then
    raise EValidationError.Create('Invalid Token.');
  // the client has no copy of the server secret, so an empty one is passed
  Token := TJWTHS256.Create('', 0, [], []);
  try
    Token.Verify(FToken, JWT); // Is this the only way to read the payload values?
    UserID := JWT.data.S['uid'];
  finally
    Token.Free;
  end;
end;
Is this the correct way to read the token's payload on the client side?
Now, how do I send the token in the header so the server can authenticate the client?
Last edited by fabioxgn (2018-03-02 20:22:26)
Offline
Figured out how to send the token:
FRestClient.SessionHttpHeader := HEADER_BEARER_UPPER + Token;
But I'm still not sure about the correct way to read the payload on the client.
Offline
So you want to decode the token payload on the client, without knowing the secret key?
The Verify() method can do this, even if, since you don't know the secret, it will return "invalid".
Therefore, it is not the most convenient way...
I've just added a new Payload optional parameter to TJWTAbstract.VerifyPayload() so that you may be able to easily check the payload content as a TDocVariantData.
See https://synopse.info/fossil/info/3e0909f6e2
Offline
Exactly, I store some info which interests the client on the payload. The VerifyPayload() is now perfect. Thanks.
Offline
ab, don't know if you already noticed but now the SynCrypto unit has a hint:
SynCrypto.pas(14221) Hint: H2443 Inline function '_Json' has not been expanded because unit 'System.Variants' is not specified in USES list
Offline
Indeed.
Please check https://synopse.info/fossil/info/45672ac6b7
Offline
ab, one last question, is this the correct way to read the payload?
var
  Token, Value: RawUTF8;
  Payload: Variant;
  Data: TDocVariantData;
begin
  // Payload receives the decoded claims even though the client has no secret
  if TJWTAbstract.VerifyPayload(Token, '', 'mormot', '', nil, nil, @Payload) <> jwtValid then
    raise EError.Create('Invalid token');
  Data := TDocVariantData(Payload);
  Value := Data.S['key'];
end;
Offline
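As an added illustration (not mORMot code and not the thread's own snippets), here is the exchange ab describes above and the final VerifyPayload usage, written in Python so the mechanics are language-neutral: the client base64url-decodes the payload without the secret (what the new Payload parameter hands back), sends the token in an Authorization: Bearer header, and the server, which does hold the secret, checks the HS256 signature before trusting any claim. It also shows why a client-side Verify() with an empty secret reports "invalid" and why a forged payload still decodes on the client but is rejected by the server. The secret, claims and issuer name are constructed for the demo; the function names are mine, not the library's.

```python
"""Added example: client vs. server handling of an HS256 JWT (not mORMot code)."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret: lives only on the server, never on the client.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"


def b64url_encode(data: bytes) -> str:
    """JWT base64url: URL-safe alphabet with the '=' padding stripped."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the padding the token omits before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_hs256(claims: dict, secret: bytes) -> str:
    """Server side: build and sign a compact HS256 token."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"


def read_payload_unverified(token: str) -> dict:
    """Client side: the payload is only base64url-encoded JSON, so it is readable
    without the secret. Nothing here checks the signature, so use the result for
    display (e.g. the user id), never as proof of anything."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS token")
    return json.loads(b64url_decode(parts[1]))


def bearer_header(token: str) -> dict:
    """Client side: how the token travels back to the server on each request."""
    return {"Authorization": "Bearer " + token}


def verify_hs256(token: str, secret: bytes, expected_issuer: str,
                 now: Optional[float] = None) -> str:
    """Server side: 'valid', 'invalid' or 'expired', in the spirit of a TJWTResult.
    The signature is checked before any claim is trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        return "invalid"
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        given_sig = b64url_decode(parts[2])
    except ValueError:  # bad base64 or bad JSON
        return "invalid"
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose
        return "invalid"
    expected_sig = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, given_sig):
        return "invalid"
    if claims.get("iss") != expected_issuer:
        return "invalid"
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        return "expired"
    return "valid"


def tamper_payload(token: str, new_claims: dict) -> str:
    """Swap the payload segment but keep the old signature, as someone without
    the secret would have to."""
    header, _, signature = token.split(".")
    payload = b64url_encode(json.dumps(new_claims, separators=(",", ":")).encode())
    return f"{header}.{payload}.{signature}"


def demo(now: float = 1_520_000_000) -> dict:
    """Run the whole flow with constructed claims; returns the observations."""
    issued = issue_hs256({"iss": "mormot", "uid": "42", "exp": now + 3600}, SERVER_SECRET)
    forged = tamper_payload(issued, {"iss": "mormot", "uid": "1", "exp": now + 3600})
    return {
        "client_reads_uid": read_payload_unverified(issued)["uid"],
        "client_reads_forged_uid": read_payload_unverified(forged)["uid"],  # decodes fine
        "header": bearer_header(issued)["Authorization"][:7],
        "server_genuine": verify_hs256(issued, SERVER_SECRET, "mormot", now),
        "server_forged": verify_hs256(forged, SERVER_SECRET, "mormot", now),
        "client_verify_no_secret": verify_hs256(issued, b"", "mormot", now),
        "server_expired": verify_hs256(issued, SERVER_SECRET, "mormot", now + 7200),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The "client_verify_no_secret" entry is the situation ab describes: a verification attempted with an empty secret returns "invalid" even for a genuine token, which is why a decode-only path such as VerifyPayload's Payload parameter is the right tool on the client, while the signature check stays on the server.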