JSON Web Token (JWT) implementation needed

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

JSON Web Token (JWT) implementation needed

leledumbo
Administrator
Is there anyone already implements https://tools.ietf.org/html/rfc7519? I find a Delphi implementation (https://github.com/paolo-rossi/delphi-jose-jwt), but it uses the new Delphi RTL with System. namespace. I don't want to reinvent the wheel if possible, so if there's already one for FPC, that would be great :D
Reply | Threaded
Open this post in threaded view
|

Re: JSON Web Token (JWT) implementation needed

Michael Van Canneyt


On Wed, 6 Jan 2016, leledumbo wrote:

> Is there anyone already implements https://tools.ietf.org/html/rfc7519? I
> find a Delphi implementation
> (https://github.com/paolo-rossi/delphi-jose-jwt), but it uses the new Delphi
> RTL with System. namespace. I don't want to reinvent the wheel if possible,
> so if there's already one for FPC, that would be great :D

FPC supports OAuth2. So we need JWT :)

See:

fcl-web/src/base/fpjwt.pp

If things are missing, let me know and we can add it.

Michael.
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: JSON Web Token (JWT) implementation needed

leledumbo
Administrator
> See:
>
> fcl-web/src/base/fpjwt.pp

Ah, didn't notice this unit. Perhaps it was on the same batch as google API? Thanks anyway, always love FPC because of this provided non-trivial functionalities :)
Reply | Threaded
Open this post in threaded view
|

Re: JSON Web Token (JWT) implementation needed

leledumbo
Administrator
This post was updated on .
In reply to this post by Michael Van Canneyt
Some questions: 1. How to verify the signature? My grep result in packages folder doesn't show that we have HMAC256 function. 2. The following sample: {$mode objfpc}{$H+} uses fpjwt, jsonparser; const EncodedStr = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ'; var j: TJWT; begin j := TJWT.Create; j.AsString := EncodedStr; WriteLn(j.AsString); WriteLn(EncodedStr); j.Free; end. Shows that the original EncodedStr and j.AsString differs. Is this OK or a bug?
Reply | Threaded
Open this post in threaded view
|

Re: JSON Web Token (JWT) implementation needed

Michael Van Canneyt


On Fri, 8 Jan 2016, leledumbo wrote:

> Some questions:1. How to verify the signature? My grep result in packages
> folder doesn't show that we have HMAC256 function.

I didn't implement verification, and I don't plan any.
But contributions are welcome.

> 2. The following
> sample:{$mode objfpc}{$H+}uses  fpjwt, jsonparser;const  EncodedStr =
> 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ';var
> j: TJWT;begin  j := TJWT.Create;  j.AsString := EncodedStr;
> WriteLn(j.AsString);  WriteLn(EncodedStr);  j.Free;end.Shows that the
> original EncodedStr and j.AsString differs.
> Is this OK or a bug?

That is OK.
The encoded value depends for example on the amount of whitespace in the JSON.
Also, JSON doesn't specify an order of keys (property names), so the input and
output keys can be in a different order, which will also result in a different
encoded value.

Michael.
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: JSON Web Token (JWT) implementation needed

leledumbo
Administrator
> I didn't implement verification, and I don't plan any.
> But contributions are welcome.

Looks like a new entry in hmac unit + new sha256 unit would be needed. Codes are around the net but sticking to existing hash package citizens would be better for FPC future. Hope my crypto skill still stands :)

> That is OK.
> The encoded value depends for example on the amount of whitespace in the JSON.
> Also, JSON doesn't specify an order of keys (property names), so the input and
> output keys can be in a different order, which will also result in a different
> encoded value.

Understood.