|
Title: JSON Web Token (JWT) Post by: HalcyonLogic on January 28, 2014, 12:04:42 AM I know this kind of falls outside the scope of RTC, but since I also know there are a bunch of really smart folks on this forum, I am hoping someone could provide some guidance.
To your knowledge, how would one generate a JSON Web Token (JWT) in Delphi? Are you aware of a Delphi library of some sort? Thanks in advance. Richard Title: Re: JSON Web Token (JWT) Post by: BackDream on November 01, 2014, 03:02:28 AM I think it would be very interesting if the REST/JSON example that's found in the QuickStart subfolder was slightly improved to show how to handle at least Token authentication.
The world is going REST and JSON, and has practically abandoned XML-RPC and SOAP. I'm sure more and more users would like to build the server app with RealThinClient and the client app with any combination of HTML5/jQuery/Bootstrap/Angular.js/... I cast my vote (even though this isn't a poll) towards a short-term inclusion of richer REST+JSON examples in the RTC package... and in the longer run I think RTC should provide JSON as one of the selectable "DataFormat" in RTCModule component, with choice of Token/OAuth/OAuth2 authentication, and a true stateless architecture (to parallelize many servers without the need to share session data). Title: Re: JSON Web Token (JWT) Post by: D.Tkalcec (RTC) on November 01, 2014, 09:21:50 AM According to the information I've found so far on this topic, JSON Web Tokens fall into the scope of cryptography and RTC is not a cryptographic library.
But, I did find an Open Source Delphi Project which seems to have JWT support (https://github.com/grahamegrieve/fhirserver/blob/master/Libraries/support/JWT.pas), so it might help you get started. It looks like that Project is under active development and the author provided his E-Mail address, so you could also try shooting him an E-Mail if you need help (https://github.com/grahamegrieve). Or ... you could try contacting one of the Delphi cryptography component vendors like StreamSec or Eldos to ask if they have something ready to be used out-of-the-box. Best Regards, Danijel Tkalcec Title: Re: JSON Web Token (JWT) Post by: Henrick (StreamSec) on November 01, 2014, 07:28:25 PM A word of warning. There is no standard, or even de facto standard, for JSON Web Token. The most authoritative specification that exists, is an internet draft, which is currently at version 30. The only variant of JWT that most current implementations seem to agree on, is the HMAC-SHA256 variant. This is also fairly easy to implement using ST 2.x or ST 4.0, provided that you already have a working knowledge of JSON.
|