Authentication with JWT


Have several questions about authentication using JWT:

Module.AddMiddleware(TJwtMiddleware.Create('secret', True));

1. We must use the 'secret' here?
    Result := TJOSE.SHA256CompactToken('secret', JWT);

2. Above we use forbid anonymous access for TJwtMiddleware
How we can get Token for this situation?

Also in the first question I mean: we must to use the same secret.

No way to edit messages in the forum?

You must create the token using a specific secret (just use random characters, not "secret" of course). 

Then in the JWT middleware you should use the same secret so it's able to validate tokens generated by you.

Ok, thanks, what you can recommend with forbidden anonymous access:

Module.AddMiddleware(TJwtMiddleware.Create('secret', True));

How we should implement the first time connect to get Token?
Hello again,

I'm have this code:

  // Auth Service
  AuthModule := TXDataServerModule.Create('http://+:' + APort + '/auth', CreateServicePool);
  AuthModule.AddMiddleware(TJwtMiddleware.Create('secret', False, True));

  // Data Services
  DataModule := TXDataServerModule.Create('http://+:' + APort + '/data', CreateServicePool);
  DataModule.AddMiddleware(TJwtMiddleware.Create('secret', True, True));

This is possible to make available via Uri: 'http://+:' + APort + '/auth'
only one service for receiving token?
And all other service must be available via Uri: 'http://+:' + APort + '/data'

Or I should create one module for both?

And also question about CreateServicePool realization. Below 2 variants, 

both are works, but which should be used?

  function CreateServicePool1: IDBConnectionPool;
    Result := TDBConnectionPool.Create(PoolSize, TDBConnectionFactory.Create(
      function: IDBConnection
        Result := TSQLiteNativeConnectionAdapter.Create(':memory:');

  function CreateServicePool: IDBConnectionPool;
    Result := TDBConnectionPool.Create(PoolSize, TDBConnectionFactory.Create(
      function: IDBConnection
        Connection: TAureliusConnection;
        Connection := TAureliusConnection.Create(nil);
        Connection.Params.Values['Database'] := ':memory:';
        Connection.Params.Values['DriverID'] := 'SQLite';
        Result := Connection.CreateConnection;

You can simply allow anonymous access in the middleware and then prevent accessing the protected API. Or, use a different Sparkle module for the protected part of the API and another one for the API that allows anonymous access.

Yes, sure, that's one good approach.

Both approaches are fine. But personally I'd prefer the first one as TAureliusConnection is actually just a wrapper around the first one.
Also note that specifically for SQLite in-memory databases, you should always have a pool of size 1, since each new in-memory SQLite database you create will be a different one.