#1 2022-08-17 20:31:07

dcoun
Member
From: Crete, Greece
Registered: 2020-02-18
Posts: 430

JWT authentication for selected interfaces

Is it possible in a TRestServer to have 2 interfaces and to enable JWT checking only for the one interface?
I can set the JwtForUnauthenticatedRequest in a Trestserver.
Using TServiceFactoryServerAbstract as returned by TRestServer.ServiceDefine has a lot of function for classic authentication but not for JWT

Also, an other question. How can I disable access to an interface from a http client if websocket connected is not upgraded and used?
Thank you in advance

Offline

#2 2022-08-18 06:43:01

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,655
Website

Re: JWT authentication for selected interfaces

My guess is that you can just set the OnBeforeBody even of the HTTP server itself, and validate the input.

In this very same OnBeforeBody, you can:
- Require a JWT in the BearerToken parameter for some URIs (therefore, some interface)
- Deny any access on some other interface URIs for regular requests - once upgraded to WebSockets, OnBeforeBody is not called.

But the URI verification has to be done manually.

Offline

#3 2022-08-18 07:18:49

dcoun
Member
From: Crete, Greece
Registered: 2020-02-18
Posts: 430

Re: JWT authentication for selected interfaces

Thanks a lot @ab

Offline

Board footer

Powered by FluxBB