You are not logged in.
I am using a TRestHttpClientWinHttp to call inteface services in a Mormot2 server and I am not using sessions.
As far as I can understand, Mormot2 does not support JWT by internal design. There is no TRestClientAuthentication for JWTs.
In the server, I am checking if JWT header exists and if it is valid in each interface call
In the client, is it possible to use OnAuthentificationFailed event to refresh the expired JWT that the client should send in each interface call?
If I implement a timer based renew function running in the background, how can I protect the client from accessing the SessionHttpHeader during the timeframe it is set by the renew function?
Edit:
Is there an OnCall event that runs before a service inteface call is made by a TRestHttpClientWinHttp ? I noticed that SessionHttpHeader is added to headers once before the loop of OnAuthentificationFailed
Thank you in advance
Last edited by dcoun (2022-12-02 07:37:56)
Offline
You can use JWT on the server side, not part of the authentication classes, but as a TRestServer.JwtForUnauthenticatedRequest.
Within the service, you can access the JWT content using TRestServerUriContext.JwtContent field.
Then supply the JWT as part of the client as regular bearer in TRestClientUri.SessionHttpHeader.
See https://synopse.info/forum/viewtopic.ph … 454#p25454
and https://synopse.info/forum/viewtopic.php?id=4840
and https://synopse.info/forum/viewtopic.php?id=6336
Offline
Thank you @ab, I have already searched the above forum threads.
I have already created the server side implementation and it works OK
My problem now is the client. From the above links probably you mean the https://synopse.info/forum/viewtopic.ph … 051#p30051 but it is besed on sessions as far as I can understand
Do you propose a solution without sessions?
Offline
using OnAuthentificationFailed with result (true/false) and changing TRestClientUri.SessionHttpHeader it does not work
Also, SessionHttpHeader is added to headers once before the loop of OnAuthentificationFailed
Offline
You are right.
I hope https://github.com/synopse/mORMot2/commit/244fe0e5 could help.
Thanks for the feedback.
Offline
Thank you a lot @ab. It works perfectly now with the JWTs from the client side.
Offline