JWT Server
Server-side JWT validation. Plug TsgcHTTP_JWT_Server into a TsgcWebSocketHTTPServer to verify Authorization Bearer tokens before dispatching requests.
Verifies inbound JWTs against your signing keys (HMAC, RSA, ECDSA, EdDSA), checks exp/nbf/aud/iss claims and rejects mismatched tokens with a typed event for the application layer.
TsgcHTTP_JWT_Server
Windows, macOS, Linux, iOS, Android
Enterprise
Drop a TsgcHTTP_JWT_Server, configure the verifying keys (or a JWKS URL) and attach to TsgcWebSocketHTTPServer.JWT — all incoming requests are validated automatically.
```pascal
uses
  sgcWebSocket, sgcHTTP;

var
  Server: TsgcWebSocketHTTPServer;
  JWT: TsgcHTTP_JWT_Server;
begin
  // Verifier: HMAC key plus the issuer and audience every token must carry.
  JWT := TsgcHTTP_JWT_Server.Create(nil);
  // Sample value only; use a strong secret and keep it out of source code.
  JWT.JWTOptions.Algorithms.HS.Secret := 'shared-secret';
  JWT.JWTOptions.Verify.Issuer := 'auth.example.com';
  JWT.JWTOptions.Verify.Audience := 'api.example.com';

  // TLS-enabled server that hands each request's Bearer token to the verifier.
  Server := TsgcWebSocketHTTPServer.Create(nil);
  Server.Port := 8443;
  Server.SSL := True;
  Server.Authentication.JWT.Enabled := True;
  Server.Authentication.JWT.Server := JWT;
  Server.Active := True;
end;
```
```cpp
// uses: sgcWebSocket, sgcHTTP
TsgcHTTP_JWT_Server *JWT = new TsgcHTTP_JWT_Server(this);
JWT->JWTOptions->Algorithms->HS->Secret = "shared-secret";

TsgcWebSocketHTTPServer *Server = new TsgcWebSocketHTTPServer(this);
Server->Authentication->JWT->Enabled = true;
Server->Authentication->JWT->Server = JWT;
Server->Active = true;
```
Server-side JWT verifier that integrates directly with TsgcWebSocketHTTPServer and TsgcWebSocketServer authentication.
Supports HS256/384/512, RS256/384/512, ES256/384/512, PS256/384/512 and EdDSA. Multiple keys (kid-indexed) can be loaded for key rotation.
Verify.Issuer, Verify.Audience, Verify.Subject, Verify.NotBefore, Verify.ExpirationTime are all enforced against the inbound payload by default.
Point JWTOptions.JWKS.URL at an issuer JWKS endpoint — the component fetches the public keys, caches them and rotates per the JWK kid in each token header.
OnAuthError exposes the rejection reason (signature mismatch, expired, audience mismatch); your app decides whether to 401 or fall back.
Works for TsgcWebSocketServer too — the WebSocket upgrade carries the Authorization header, the JWT server verifies before OnConnect fires.
Encrypted JWE tokens are decoded and verified inline using the configured private key (RSA-OAEP, ECDH-ES key wrap; AES-CBC / AES-GCM content encryption).
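The checks listed above (pinned algorithm, signature, exp/nbf, iss, aud, and a distinct rejection reason for each failure) can be modelled in a few lines to build test tokens and see which ones a verifier must refuse. The Python below is an added example, not sgcWebSockets code and not the component's implementation; it covers HS256 only, reuses the sample secret, issuer and audience from the snippet above, and the check order, reason strings and the rejection of a missing exp are assumptions.

```python
import base64, hashlib, hmac, json

# Secret, issuer and audience are the page's sample values; NOW is constructed.
SECRET, ISS, AUD = b"shared-secret", "auth.example.com", "api.example.com"
NOW = 1_700_000_000

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u(sig)}"

def verify(token: str, secret: bytes, issuer: str, audience: str, now: float) -> str:
    """Return "ok" or a rejection reason (reason strings are illustrative)."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64u_dec(head)), json.loads(b64u_dec(body))
        given = b64u_dec(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:
        return "malformed"
    # Pin the algorithm server-side; the token header must not choose it.
    if header.get("alg") != "HS256":
        return "algorithm not allowed"
    want = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):  # constant-time comparison
        return "signature mismatch"
    aud = claims.get("aud")
    checks = [("expired", now >= claims.get("exp", 0)),  # missing exp rejected (assumption)
              ("not yet valid", now < claims.get("nbf", 0)),
              ("issuer mismatch", claims.get("iss") != issuer),
              ("audience mismatch", audience not in (aud if isinstance(aud, list) else [aud]))]
    return next((reason for reason, failed in checks if failed), "ok")

def demo() -> dict:
    good = {"iss": ISS, "aud": AUD, "exp": NOW + 300, "nbf": NOW - 10}
    cases = {"valid": (good, SECRET), "wrong key": (good, b"other-secret"),
             "expired": ({**good, "exp": NOW - 1}, SECRET),
             "wrong audience": ({**good, "aud": "other.example.com"}, SECRET)}
    return {k: verify(sign_hs256(c, s), SECRET, ISS, AUD, NOW) for k, (c, s) in cases.items()}

if __name__ == "__main__":
    print(demo())
```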
Direct link to the component reference; download the ready-to-run demo project and the free trial.
| Online Help: TsgcHTTP_JWT_Server. Full reference of this component's properties, methods and events. | Open |
| Demo Project: Demos\20.HTTP_Protocol\05.JWT. Ready-to-run sample project. Included in the sgcWebSockets package; download the free trial below. | Open |
| Technical document (PDF). Features, quick start, code examples for Delphi and C++ Builder and primary-source references, for this component only. | Open |
| User manual (PDF). Complete manual covering all components in the library. | Open |