how to create jwt token base rest api

[rvk]

Just to be sure.

Use the trunk options at the top of the screen, in the columns FPC version and Lazarus version Then press Install/update FPC + Lazarus.
I am not sure if the button trunk at the bottom will install the right version.
(See attatchment)

Yes. Trunk at the top for both.
Can you browse to C:\fpcupdeluxe\fpcsrc\packages\fcl-web\src\jwt ?

If you can and it still doesn't work then it could be that you still have references to your old lazarus in your config.

[Prakash]

I have tried all options . it is not working for me .

do you have any alternative options

[rvk]

I have tried all options . it is not working for me .

do you have any alternative options

You have not told us if you have the C:\fpcupdeluxe\fpcsrc\packages\fcl-web\src\jwt directory?
(after using "trunk" for both fpc and lazarus when installing fpcupdeluxe)

The alternative is to use lazjwt (which is explained with a working example for verification on the previous page).

[delphius]

I have tried all options . it is not working for me .

do you have any alternative options

You have not told us if you have the C:\fpcupdeluxe\fpcsrc\packages\fcl-web\src\jwt directory?

There is no time to explain and check, just give him the next solution 

[Prakash]

Method 1


procedure TfrLazJWT.Button1Click(Sender: TObject);
var
  token: string;
  LLazJWT: ILazJWT;


begin
  mDecoded.Lines.Clear;
  try


    TLazJWT
      .New
      .UseCustomPayLoad(true) //Set before Token
      .Token('eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyAiaXNzIiA6ICJQcmFrYXNoIiwgImV4cCIgOiAxNjk0MTU0OTk0LCAiaWF0IiA6IDE2OTM5ODIxOTQsICJBYWRoYWFyIiA6IDEwMDIgfQ.wKYbmmhwkAuuJ0FHkysuyXZ2JEcL9xFg3aD11H2rdN8')
      .SecretJWT('chitranshkanuroopaprakash')
      .ValidateToken;


    mDecoded.Lines.Add('Token Verified');


  except
    On E: Exception do
    begin
      mDecoded.Lines.Add(E.Message);
    end;
  end;


end; 


Method 2

procedure TfrLazJWT.Button3Click(Sender: TObject);
var
  token: string;
  LLazJWT: ILazJWT;


begin
  mDecoded.Lines.Clear;
  try


    TLazJWT
      .New(TLazJWTConfig
             .New
             .IsRequiredSubject(False)
             .IsRequiredIssuedAt(False)
             .IsRequiredNotBefore(False)
             .IsRequiredExpirationTime(False)
             .IsRequireAudience(True)
             .ExpectedAudience(['lazarus','djsystem'])
             )
      .UseCustomPayLoad(True) //Set before Token
      .Token('eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyAiaXNzIiA6ICJQcmFrYXNoIiwgImV4cCIgOiAxNjk0MTU0OTk0LCAiaWF0IiA6IDE2OTM5ODIxOTQsICJBYWRoYWFyIiA6IDEwMDIgfQ.wKYbmmhwkAuuJ0FHkysuyXZ2JEcL9xFg3aD11H2rdN8')
      .SecretJWT('chitranshkanuroopaprakash')
      .ValidateToken;


    mDecoded.Lines.Add('Token Verified');


  except
    On E: Exception do
    begin
      mDecoded.Lines.Add(E.Message);
    end;
  end;
end; 


I have UseCustomPayLoad with false and true tried , still it is not verifying the token .

[Prakash]

What is issue in above code

[bytebites]

Use code tags

[Prakash]

Dear Team,

I have used https://github.com/andre-djsystem/LazJWT this library .

I can able to create token and verify.

I have other application which is written in golang by using this library ( "github.com/dgrijalva/jwt-go" )

I have to validate golang token in lazarus pascal.

it is not validating .

what will be the error . I have verfied ( https://jwt.io/ ) golang token on this website   

[paweld]

Sample in attachment, but:
for security reasons, the correctness of the signature should be verified only by the issuer of the token - in order not to share the secret key.
The recipient of the token can at most check the expiration date, or other values of the token, but should not know the secret key!

[Prakash]

Thanks for your support .

I have modified your code . It is working for me now . Thanks so much.



function TForm1.Validate(token, secret_key: String; onlySignatureCheck: Boolean; var msg: String): Boolean;
var
  LHMAC: IHMAC;
  barr: TBytes;
  newtoken, s: String;
  i: Integer;
  sarr: TStringArray;


  function Base64ToBase64URL(AValue: string): string;
  begin
    Result := StringsReplace(AValue, ['+', '/'], ['-', '_'], [rfReplaceAll]);
    Result := TrimRightSet(Result, ['=']);
  end;


begin
  msg := '';
  token := Trim(token);


  (*
  Result := False;
  sarr := token.Split(['.'], TStringSplitOptions.ExcludeEmpty);
  if Length(sarr) <> 3 then
  begin
    msg := 'Incorrect token';
    exit;
  end;
  newtoken := sarr[0] + '.' + sarr[1];
  LHMAC := THashFactory.THMAC.CreateHMAC(THashFactory.TCrypto.CreateSHA2_256);
  LHMAC.Key := TConverters.ConvertStringToBytes(secret_key, TEncoding.UTF8);
  barr := LHMAC.ComputeString(newtoken, TEncoding.UTF8).GetBytes();
  s := '';
  for i := Low(barr) to High(barr) do
    s := s + chr(barr);
  newtoken := newtoken + '.' + Base64ToBase64URL(EncodeStringBase64(s));
  Result := token = newtoken;
  *)


  //if Result and not onlySignatureCheck then
  //begin
    newtoken := '';
    newtoken := TLazJWT.New
                  .Token(token)
                  .SecretJWT(secret_key)
                  .Token;
    try
      TLazJWT.New
        .Token(newtoken)
        .SecretJWT(secret_key)
        .ValidateToken;
    except
      on E: Exception do
      begin
        msg := E.Message;
        Result := False;
      end;
    end;
  //end
  //else


end;