You are not logged in.
- Topics: Active | Unanswered
#1 2022-07-11 16:08:28
- dcoun
- Member
- From: Crete, Greece
- Registered: 2020-02-18
- Posts: 430
JWT from Mormot2 does not get verified in jwt.io & token.dev
I am using JWT created with mormot2 that get validated by mormot2 and everything seems ok
They are created by the following code:
var jw:TJWTAbstract;
jw:=TJwtHS512.Create('Alibaba et 40 voleurs', 60000, [jrcIssuer, jrcSubject, jrcExpirationTime], [], 50);
try
result:=jw.Compute(['id',pt.IDValue],'MyServer','user');
finally
jw.Free;
end;The validation is done with one line code:
srv.JwtForUnauthenticatedRequest:=TJwtHS512.Create('Alibaba et 40 voleurs', 60000, [jrcIssuer, jrcSubject, jrcExpirationTime], [], 50);The above works.
From curiosity I copied the created JWT to the webpage for evaluation it exists in jwt.io & token.dev and signature is shown as invalid
I tried with 0 aSecretPbkdf2Round and with empty password or by entering the password in jwt.io but signature is always invalid.
Is there a mistake from my side in Mormot2?
Offline
#2 2022-07-11 20:26:38
Re: JWT from Mormot2 does not get verified in jwt.io & token.dev
Our HMAC SHA-512 is tested against reference vectors, so I guess it is correct.
It is likely a password derivation issue.
Jwt.io and token.dev do not derivate the secret from the password in the same way mORMot does.
Offline
#3 2022-07-12 06:23:35
- dcoun
- Member
- From: Crete, Greece
- Registered: 2020-02-18
- Posts: 430
Re: JWT from Mormot2 does not get verified in jwt.io & token.dev
It is OK. I was anxious if something is missing and I have a fake authentication from JWT and Mormot2
Thank you @ab
Offline