Hi there,
Despite extensively searching the web and experimenting with various code snippets from the TMS website, blogs, manuals, and the GitHub pages of the Delphi JOSE and JWT Library, I'm still unable to establish security for my GraphQL endpoint using JSON Web Tokens (JWT) and the HS256 hashing algorithm. The documentation seems straightforward, leaving me to believe that I've overlooked something during my troubleshooting process.
I would greatly appreciate it if you could review the attached project files and provide guidance on rectifying this issue to successfully implement the required JWT functionality. For the sake of simplicity, I've copied my code into the "Bookshelf" demo project. The actual project where I'm implementing this involves a GraphQL endpoint that serves as an interface between a website and a database.
Building upon your initial advice, I attempted to utilize the BeforeDispatch approach to validate the JWT before it reaches the GraphQL dispatcher. However, upon compiling the project and launching the browser, I encountered a "signature algorithm header (alg) not set" error.
Here's the HTTP header I've prepared for testing the attached project sources:
{
"Authorization": "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJTdGVmYW4gV2FzIEhlcmUiLCJpYXQiOjE2OTI2OTY5NDEsImV4cCI6MTg1MDQ2MzM0MSwiYXVkIjoiIiwic3ViIjoiIiwiY3VzdG9tZXJfZW1haWwiOiJoYW5zQHJlYWNoZGlnaXRhbC5ubCIsInVpZCI6IjEiLCJ1dHlwaWQiOiIzIn0.u6bRjsOCp9A604QgIOp3m4rxmMmRXmigspOqC5DqlvY"
}
I eagerly await your response as it's becoming increasingly evident that I might have made several mistakes in the code. Your assistance would be immensely valuable in untangling this situation.
Kind regards,
Stefan
bookshelf with tokens.zip (95.7 KB)
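An added example, not part of the original post and not the API of the Delphi JOSE and JWT Library: the checks a pre-dispatch hook makes on an HS256 bearer token, written with the Python standard library only (take the token out of the Authorization value, pin the `alg` header, verify the HMAC, check `exp`). All function names, the key and the claims are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

ALLOWED_ALGS = {"HS256"}  # pinned server-side; the token's header never picks it

def b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url, so restore the padding first
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def bearer_token(header_value: str) -> str:
    """Return the compact token from an Authorization header value."""
    fields = header_value.split()  # also splits on a pasted line break
    if len(fields) != 2 or fields[0].lower() != "bearer":
        raise ValueError("expected 'Bearer <token>'")
    return fields[1]

def verify_hs256(token: str, key: bytes, now=None) -> dict:
    """Check alg, signature and exp, then return the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict) or header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("alg header missing or not allowed")
    signing_input = f"{parts[0]}.{parts[1]}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("signature mismatch")
    claims = json.loads(b64url_decode(parts[1]))
    if "exp" in claims and (time.time() if now is None else now) >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def sign_hs256(claims: dict, key: bytes) -> str:
    # Helper used only to build a constructed sample token for the demo
    enc = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    head = enc({"typ": "JWT", "alg": "HS256"})
    unsigned = f"{head}.{enc(claims)}"
    sig = hmac.new(key, unsigned.encode("ascii"), hashlib.sha256).digest()
    return f"{unsigned}.{b64url_encode(sig)}"

if __name__ == "__main__":  # constructed key and claims
    print(verify_hs256(bearer_token("Bearer " + sign_hs256({"uid": "1"}, b"demo-key")), b"demo-key"))
```

The verifier takes only the three-part compact token, so the `Bearer` scheme word is removed before the header segment is decoded.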