TsgcHTTP_JWT_Client
Click here to see this page in full context

JWT | TsgcHTTP_JWT_Client

The TsgcHTTP_JWT_Client component allows to encode and sign JWT Tokens, attached to a WebSocket Client or HTTP/2 client, the token will be sent automatically as an Authorization Bearer Token Header.

Configuration

You can configure the JWT values in the JWTOptions properties, there are 2 main properties: Header and Payload, just set the values for every required property.

 

If the Signature is encrypted using a Private Key (RS and ES algorithms), set the value in the PrivateKey property of the Algorithm.

If the Signature is encrypted using a Secret (HS algorithms), set the value in the Secret property of the Algorithm.

 

OpenSSL Options

Configure which openSSL libraries you will use when using JWT client.

 

OpenSSL_Options: configuration of the openSSL libraries.

APIVersion: allows to define which OpenSSL API will be used.

oslAPI_1_0: uses API 1.0 OpenSSL, it's latest supported by Indy

oslAPI_1_1: uses API 1.1 OpenSSL, requires our custom Indy library and allows to use OpenSSL 1.1.1 libraries (with TLS 1.3 support).

oslAPI_3_0: uses API 3.0 OpenSSL, requires our custom Indy library and allows to use OpenSSL 3.0.0 libraries (with TLS 1.3 support).

LibPath: here you can configure where are located the openSSL libraries

oslpNone: this is the default, the openSSL libraries should be in the same folder where is the binary or in a known path.

oslpDefaultFolder: sets automatically the openSSL path where the libraries should be located for all IDE personalities.

oslpCustomFolder: if this is the option selected, define the full path in the property LibPathCustom.

LibPathCustom: when LibPath = oslpCustomFolder define here the full path where are located the openSSL libraries.

UnixSymLinks: enable or disable the loading of SymLinks under Unix systems (by default is enabled, except under OSX64):

oslsSymLinksDefault: by default are enabled except under OSX64 (after MacOS Monterey fails trying to load the library without version.).

oslsSymLinksLoadFirst: Load SymLinks and do before trying to load the version libraries.

oslsSymLinksLoad: Load SymLinks after trying to load the version libraries.

oslsSymLinksDontLoad: don't load the SymLinks.

 

Custom Headers

The Header and Payload properties contains the most common headers used to generate a JWT, but you can add more headers calling the method AddKeyValue and passing the Key and Value as parameters.

Example: if you want add a new record in the JWT Header with your name, use the following method

 


Header.AddKeyValue('name', 'John Smith');

 

After configuring the properties, to generate the JWT, just call the method Sign and will return the value of the JWT.

 

WebSocket Client and JWT

TsgcWebSocketClient allows the use of JWT when connecting to WebSocket servers, just create a new JWT client and assign to Authentication.Token.JWT property.

 


oClient := TsgcWebSocketClient.Create(nil);
oClient.URL := 'ws://www.esegece.com:2052';



oJWT := TsgcHTTP_JWT_Client.Create(nil);
oJWT.JWTOptions.Header.alg := jwtRS256;
oJWT.JWTOptions.Payload.sub := '1234567890';
oJWT.JWTOptions.Payload.iat := 1516239022;



oClient.Authentication.Enabled := True;
oClient.Authentication.URL.Enabled := False;
oClient.Authentication.Token.Enabled := True;
oClient.Authentication.Token.JWT := oJWT;
oClient.Active := True;

 

HTTP Clients and JWT

TsgcHTTP2Client and TsgcHTTP1Client allows the use of JWT when connecting to HTTP/2 servers, just create a new JWT client and assign to Authentication.Token.JWT property.

 


oHTTP := TsgcHTTP2Client.Create(nil);



oJWT := TsgcHTTP_JWT_Client.Create(nil);
oJWT.JWTOptions.Header.alg := jwtRS256;
oJWT.JWTOptions.Payload.sub := '1234567890';
oJWT.JWTOptions.Payload.iat := 1516239022;



oHTTP.Authentication.Token.JWT := oHTTP;
oHTTP.Get('https://your.api.com');

 

Expiration

The Authorization Token can be re-created every time you send an HTTP request using an HTTP client or can be reused several times till it expires.

Example: calling Apple APNs using Tokens, requires that the token is reused at least during 20 minutes and at a maximum of 1 hour. Use the Property RefreshTokenAfter to set the seconds when the token will expire, for example after 30 minutes.


RefreshTokenAfter = 60 * 40.

 

Create JWT Signature

You can create JWT Signatures manually to use on applications that doesn't make use of WebSocket or HTTP Protocol, or if you are using components from third-parties applications and you only need the JWT Token.

 

In order to obtain the JWT Signature, just create a new instance of the JWT Client and fill the properties manually, when all properties are set, call the method Sign and it will return the JWT Token.

 


oJWT := TsgcHTTP_JWT_Client.Create(nil);
// ... header
oJWT.JWTOptions.Header.alg := jwtHS256;
oJWT.JWTOptions.Algorithms.HS.Secret := '79F66F1E-E998-436B-8A0A-3E5DEFA4FD9E';
// ... payload
oJWT.JWTOptions.Payload.jti := '9B66FB94-B761-42B1-A1AF-3C44233DBE87';
oJWT.JWTOptions.Payload.iat := 1630925658;
oJWT.JWTOptions.Payload.iss := '2886EC7547B7BA6A9009';
oJWT.JWTOptions.Payload.exp := 1630933158;
// ... custom payload values
oJWT.JWTOptions.Payload.ClearKeyValues;
oJWT.JWTOptions.Payload.AddKeyValue('origin', 'www.yourwebsite.com');
oJWT.JWTOptions.Payload.AddKeyValue('ip', '69.39.46.178');
// ... get JWT Token
ShowMessage(oJWT.Sign);