You are not logged in.
Pages: 1
Hello!
We are trying to start using the TJWTHS256 classes. But we immediately faced the issue when trying to verufy the generated tokens in ASP.NET or .NET application.
So I tried the following and that works fine in the code:
var
LToken: TJWTAbstract;
LTokenText: RawUTF8;
...
LToken := TJWTHS256.Create('The secret password', 0, [jrcIssuer, jrcSubject, jrcIssuedAt, jrcJwtID], []);
LTokenText := LToken.Compute(['http://www.ourdomain.com', True], 'Issuer', 'subject', '', 0);
Result := LToken.VerifyPayload(LTokenText, 'subject', 'Issuer', '') = jwtValid;
...
Result in the Delphi app is True. So if I understood correctly - the VerifyPayload method returns true. And also we can see in the generated token that there is a signature in the end.
But when we try to validate the given token outside of Delphi and mORMot world it always says "Invalid signature"!
For example: https://www.jsonwebtoken.io/ parses all the data, but says that the signature is not valid (that also happens in other web-sites). We tried removing the expiration claim but that does not change anything.
Can you help us with understanding what we are doing wrong?
Thank you in advance!
Last edited by zensan (2018-07-04 12:07:39)
Offline
Thank you very much for the info. It worked fine in the end when using the same encoding on .NET side, but also required minimal length of the secret key (it was too short for 256 bit token ).
Offline
Pages: 1