I made a bit progress but now I am stuck:
I added the parameter
TJwtMiddleware.create(Serversecret,true));
to disallow anonymous access.
Now remoteDB returns "Authentication failes - 401" without token but also if I supply the token. Perhaps the way I am adding the token is wrong?
...
FDB := TRemoteDBDatabase.Create(nil);
FDB.OnHttpClientCreate := OnHttpClientCreate;
FDB.UserName := '';
FDB.PassWord := '';
FDB.ServerUri := Uri;
FDB.Compress := True;
FDB.OnHttpClientCreate := OnHttpClientCreate;
FDB.UserName := '';
FDB.PassWord := '';
FDB.ServerUri := Uri;
FDB.Compress := True;
...
procedure TDB.OnHttpClientCreate(Sender: TObject; Client: THTTPClient);
begin
// Allow self signed certificate (as we only use it for encryption)
TWinHttpEngine(Client.Engine).BeforeWinHttpSendRequest :=
procedure(Handle: HINTERNET)
var
dwFlags: DWORD;
begin
dwFlags := SECURITY_FLAG_IGNORE_UNKNOWN_CA or
SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE or
SECURITY_FLAG_IGNORE_CERT_CN_INVALID or
SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
WinHttpCheck(WinHttpSetOption(Handle, WINHTTP_OPTION_SECURITY_FLAGS, @dwFlags, SizeOf(dwFlags)));
end;
// set the authentication JsonWebToken
Client.OnSendingRequest :=
procedure(Req: THttpRequest)
begin
Req.Headers.SetValue('Authorization', 'Bearer ' + FJWT);
end;
end;
begin
// Allow self signed certificate (as we only use it for encryption)
TWinHttpEngine(Client.Engine).BeforeWinHttpSendRequest :=
procedure(Handle: HINTERNET)
var
dwFlags: DWORD;
begin
dwFlags := SECURITY_FLAG_IGNORE_UNKNOWN_CA or
SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE or
SECURITY_FLAG_IGNORE_CERT_CN_INVALID or
SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
WinHttpCheck(WinHttpSetOption(Handle, WINHTTP_OPTION_SECURITY_FLAGS, @dwFlags, SizeOf(dwFlags)));
end;
// set the authentication JsonWebToken
Client.OnSendingRequest :=
procedure(Req: THttpRequest)
begin
Req.Headers.SetValue('Authorization', 'Bearer ' + FJWT);
end;
end;