#1 2023-08-02 20:46:17

mrbar2000
Member
From: Brazil
Registered: 2016-10-26
Posts: 56

Anyone has a JWT Authentication scheme

I see some posts on the group about JWT, for example:
1. https://synopse.info/forum/viewtopic.php?id=4840

But I have some problems with retrieving the session, releasing the session, etc.
The implementation creates 1 session for each request, when it should be per user (TAuthSession.AuthUser).
I need a refresh token too.
Does anyone have a more complete implementation?
Can anyone help us?


#2 2023-08-03 07:10:38

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,240

Re: Anyone has a JWT Authentication scheme

Note that this third-party implementation is not supported.
We did not include such a class, because in fact, a JWT should contain the session information itself (this is how a JWT stateless session works), and not use the stateful in-memory sessions of our REST or RPC schemes.
https://stackoverflow.com/a/55887742/458259

To properly implement a JWT, you could rather use TRestServer.JwtForUnauthenticatedRequest.
Then, once authenticated, you get the JWT payload information (and any session you wish) within TRestUriContext.JwtContent.

For the renew, you may use your own service to recompute a token, as you did to return the initial token.
This is to be defined at service level, e.g. using OAuth2 or something similar, and is outside of the scope of TRestServer: currently, TRestServer does not return the initial token.

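The stateless pattern described in the reply above, as an added example that is not part of the thread and is not mORMot code: a language-neutral Python sketch in which the HS256 token payload carries the session itself and a renew service recomputes a token from a still-valid one. The function names, the `grp` claim and the secret are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value; load from a secret store in practice

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(user: str, group: str, ttl: int = 600, now: float = None) -> str:
    """Build an HS256 JWT whose payload is the session: no server-side state."""
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "grp": group, "iat": now, "exp": now + ttl}
    payload = _b64(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64(_mac(header + '.' + payload))}"

def verify(token: str, now: float = None) -> dict:
    """Return the claims; raise ValueError on bad structure, signature or expiry."""
    now = time.time() if now is None else now
    try:
        header, payload, sig = token.split(".")
        # Pin the algorithm server-side; never let the token header choose it.
        if json.loads(_unb64(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        # Constant-time comparison of the recomputed MAC with the supplied one.
        if not hmac.compare_digest(_mac(header + "." + payload), _unb64(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError, AttributeError) as exc:
        raise ValueError(f"invalid token: {exc}") from None
    if claims.get("exp", 0) <= now:
        raise ValueError("invalid token: expired")
    return claims

def renew(token: str, ttl: int = 600, now: float = None) -> str:
    """Renew service: verify the presented token, then recompute a fresh one."""
    claims = verify(token, now)
    return issue(claims["sub"], claims["grp"], ttl, now)
```

Because nothing is stored server-side, an issued token stays valid until its `exp`, so the lifetime passed to `issue` is the only bound on a leaked token.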
