TJWT question

[xinyiman]

Hi guys, I have to do an authentication system for software written in lazarus (and indy) to get an MVC site where the model is managed with json results. To get the json data I make GET calls to get the data. Up to here everything is ok. What I would like to understand is how to make an authentication system based on the JWT token. I saw that with the fpjwt unit it is possible to create one. But who has a small example to understand how to make it? Also you have other condyles to give me?

Thank you

[xinyiman]

No help?

[Trenatos]

I took a look at FPJWT yesterday, it seems pretty straight forward, except I can't figure out how to create the secret or private claims  :/

https://github.com/graemeg/freepascal/blob/master/packages/fcl-web/src/base/fpjwt.pp

[Trenatos]

Good article about JWTs - https://jwt.io/introduction/

[xinyiman]

Thank you

[Trenatos]

The short version though: Token data is safely verifiable, but the data is not secure.

You have to encrypt data you put in the token if you want it to be safe, and use all the standard best practices for encryption security.

So using it for authentication usually means using the 'exp' claim (expiration), encrypt the data inside the tokens private claims, and verify that each time it's used.

[anfm]

Hi guys, I have to do an authentication system for software written in lazarus (and indy) to get an MVC site where the model is managed with json results. To get the json data I make GET calls to get the data. Up to here everything is ok. What I would like to understand is how to make an authentication system based on the JWT token. I saw that with the fpjwt unit it is possible to create one. But who has a small example to understand how to make it? Also you have other condyles to give me?

Thank you

Check this repository - https://github.com/andre-djsystem/LazJWT