JWT Authentication

Wareham_Jonathan · December 23, 2016, 4:05pm

Hi,

I am implementing JSON Web Token authentication in my Sparkle server using the JWT middleware and have a quick question. I can see that when the server sees an 'Authorization' header with a 'Bearer' value then the JWT middleware tries to verify the token. If the token fails verification, the server returns with 401 and with a response body of 'Invalid JWT'. This is OK, but I'd like to customise the response body if possible. I can see when it fails verification, the 'ProcessRequest' method doesn't even fire so I can't see where I would do this?

Thanks and Happy Christmas!

Jonathan

wlandgraf · December 23, 2016, 5:14pm

Hi Jonathan,

you can create your own middleware descending from TJwtMiddleware and override the UnauthorizedAnswer method:



procedure TMyJwtMiddleware.UnauthorizedAnswer(Context: THttpServerContext; const Msg: string);
begin
  if Msg = 'Invalid JWT' then
    UnauthorizedAnswer(Context, 'Another message')
  else
    UnauthorizedAnswer(Context, Msg);
end;

Wareham_Jonathan · December 28, 2016, 1:31pm

Excellent, many thanks Wagner.