From sgcWebSockets 4.4.8 JWT Tokens are supported on Server Components.
The TsgcHTTP_JWT_Server component allows to decode and validate JWT tokens received in WebSocket Handshake when using WebSocket protocol or as HTTP Header when using HTTP protocol.
Configuration
You can configure the following properties in the JWTOptions property of the component:
If the Signature is validated using a Public Key (RS and ES algorithms), set the value in the PublicKey property of the Algorithm.
If the Signature is validated using a Secret (HS algorithms), set the value in the Secret property of the Algorithm.
To validate JWT tokens, just attach a TsgcHTTP_JWT_Server instance to Authentication.JWT.JWT property of the WebSocket/HTTP Server.
Checks property allows to enable some checks in the Payload of JWT, by default checks if the issued dates are valid.
Events
Use the following events to control the flow of JWT Validating Token.
OnJWTBeforeRequest
The event is called when a new HTTP / WebSocket connection is detected and before any validation is done. This connection can contain or not a JWT Token.
If you don't want to process this Connection using JWT Validation, just set the Cancel parameter to True (means that this connection will bypass JWT validations).
By default, all connections continue the process of JWT validation.
OnJWTBeforeValidateToken
The event is called when the connection contains an Authorization token and before is validated.
If you don't want to validate this token, just set the Cancel parameter to True (means that this connection will bypass JWT validations).
By default, all connections continue the process of JWT validation.
OnJWTBeforeValidateSignature
This event is called after the token has been decoded, so using Header and Payload parameters you have access to the content of JWT and before the signature is validated.
The parameter Secret is the secret that will be used to validate the signature and uses the PublicKey or Secret of the JWTOptions property. If this Token must be validated with another secret, the new value can be set to Secret parameter.
By default, all signatures are validated
OnJWTAfterValidateToken
The event is called after the signature has been validated, the parameter Valid shows if the signature is correct or not. If it's not correct the connection will be closed, otherwise the connection will continue.
You can access to the content of Header and Payload of JWT using the arguments provided.
If there is any error validating the JWT, will be informed in the Error argument.
OnJWTException
If there is any exception while processing the JWT Decoding and Validation, this event will be called with the content of error.