#1 2022-12-01 18:34:47

dcoun
Member
From: Crete, Greece
Registered: 2020-02-18
Posts: 430

JWT, OnAuthentificationFailed, and interface services

I am using a TRestHttpClientWinHttp to call inteface services in a  Mormot2 server and I am not using sessions.
As far as I can understand, Mormot2 does not support JWT by internal design.  There is no TRestClientAuthentication for JWTs.
In the server, I am checking if JWT header exists and if it is valid in each interface call

In the client, is it possible to use OnAuthentificationFailed event to refresh the expired JWT that the client should send in each interface call?

If I implement a timer based renew function running in the background, how can I protect the client from accessing the SessionHttpHeader during the timeframe it is set by the renew function?

Edit:
Is there an OnCall event that runs before a service inteface call is made by a TRestHttpClientWinHttp ? I noticed that SessionHttpHeader is added to headers once before the loop of OnAuthentificationFailed

Thank you in advance

Last edited by dcoun (2022-12-02 07:37:56)

Offline

#2 2022-12-02 08:10:43

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,655
Website

Re: JWT, OnAuthentificationFailed, and interface services

You can use JWT on the server side, not part of the authentication classes, but as a TRestServer.JwtForUnauthenticatedRequest.
Within the service, you can access the JWT content using TRestServerUriContext.JwtContent field.

Then supply the JWT as part of the client as regular bearer in TRestClientUri.SessionHttpHeader.

See https://synopse.info/forum/viewtopic.ph … 454#p25454
and https://synopse.info/forum/viewtopic.php?id=4840
and https://synopse.info/forum/viewtopic.php?id=6336

Offline

#3 2022-12-02 08:19:06

dcoun
Member
From: Crete, Greece
Registered: 2020-02-18
Posts: 430

Re: JWT, OnAuthentificationFailed, and interface services

Thank you @ab, I have already searched the above forum threads.
I have already created the server side implementation and it works OK
My problem now is the client. From the above links  probably you mean the https://synopse.info/forum/viewtopic.ph … 051#p30051 but it is besed on sessions as far as I can understand
Do you propose a solution without sessions?

Offline

#4 2022-12-02 11:31:26

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,655
Website

Re: JWT, OnAuthentificationFailed, and interface services

Just try to set TRestClientUri.SessionHttpHeader

It is used by sessions, but may be used without sessions IIRC.

Offline

#5 2022-12-02 11:47:37

dcoun
Member
From: Crete, Greece
Registered: 2020-02-18
Posts: 430

Re: JWT, OnAuthentificationFailed, and interface services

using OnAuthentificationFailed with result (true/false) and changing TRestClientUri.SessionHttpHeader it does not work
Also, SessionHttpHeader is added to headers once before the loop of OnAuthentificationFailed

Offline

#6 2022-12-02 15:36:16

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,655
Website

Re: JWT, OnAuthentificationFailed, and interface services

You are right.

I hope https://github.com/synopse/mORMot2/commit/244fe0e5 could help.

Thanks for the feedback.

Offline

#7 2022-12-03 06:44:25

dcoun
Member
From: Crete, Greece
Registered: 2020-02-18
Posts: 430

Re: JWT, OnAuthentificationFailed, and interface services

Thank you a lot @ab. It works perfectly now with the JWTs from the client side.

Offline

Board footer

Powered by FluxBB