Skip to content

Home

Jump to bottom Edit New page
Paolo Rossi edited this page Nov 8, 2016 · 4 revisions

Welcome to the delphi-jose-jwt wiki!

TOC

  1. Concepts
    1.1 What is JOSE
    1.2 What is JWT
    1.3 What is JWS
  2. Code samples
    2.1 Create and sign a JWT
    2.2 Verify a JWT (simpler way)
    2.3 Consume a JWT using a TJOSEConsumer
    2.4 Validate claims
    2.5 Validate custom claims

JWT on jwt.io

Delphi implementation of JWT (JSON Web Token) and the JOSE (JSON Object Signing and Encryption) specification suite. This library supports the JWS (JWE is support planned) compact serializations with several JOSE algorithms.

Important!

The HMAC algorithm uses OpenSSL through the Indy library, so in order to generate the token you should have the OpenSSL DLLs in your server system. The client doesn't have to generate or verify the token (using HMAC) so on the client-side there's no need for the OpenSSL DLLs. You can download the OpenSSL package at the fulgan website (keep in mind to always download the latest version)

General Features

  • Token serialization
  • Token deserialization
  • Claims validation
    • exp, iat, nbf claims validatation - supported
    • aud, iss, sub claims validatation - planned
  • Sign algorithms
    • NONE, HS256, HS384, HS512 algorithms - supported
  • Encryption algorithms
    • RS256, RS384, RS512 algorithms - planned
    • ES256, ES384, ES512, PS256, PS384, PS512 algorithms - not (yet) planned
    • Not affected by theNonealgorithm vulnerability

This library is not susceptible to the recently discussed encryption vulnerability.

Add a custom footer
Add a custom sidebar
Clone this wiki locally