JWT Authentication


I am implementing JSON Web Token authentication in my Sparkle server using the JWT middleware and have a quick question.  I can see that when the server sees an 'Authorization' header with a 'Bearer' value then the JWT middleware tries to verify the token.  If the token fails verification, the server returns with 401 and with a response body of 'Invalid JWT'.  This is OK, but I'd like to customise the response body if possible.  I can see when it fails verification, the 'ProcessRequest' method doesn't even fire so I can't see where I would do this?

Thanks and Happy Christmas!

Hi Jonathan,

You can create your own middleware descending from TJwtMiddleware and override the UnauthorizedAnswer method:

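procedure TMyJwtMiddleware.UnauthorizedAnswer(Context: THttpServerContext; const Msg: string);
begin
  // Swap the default body for a failed token check; pass any other message through unchanged
  if Msg = 'Invalid JWT' then
    inherited UnauthorizedAnswer(Context, 'Another message')
  else
    inherited UnauthorizedAnswer(Context, Msg);
end;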

Excellent, many thanks Wagner.