The Sphinx login component does not provide a property for storing a secret

Dear Support,

The Sphinx login component does not provide a property for storing a secret. We get back a code and how do you get back a JWT token at the end? As we know, the secret is necessary for getting the JWT token.
How is the validity of JWT token verified?

One of our clients would like to know this information.

Thanks.
Diagram.pdf (87.2 KB)

Hi,

Sorry, I didn't understand your diagram very well.

But regardless, about Sphinx, have you checked the Sphinx demo? It implements all the flow for authenticating, including generating the JWT with a secret.

In the case of the demo, you can see that the JWT secret is provided in the event TSphinxConfig.OnGetSigningData:

procedure TForm7.SphinxConfig1GetSigningData(Sender: TObject; Args: TGetSigningDataArgs);
begin
  Args.Data.Key := TEncoding.UTF8.GetBytes('a secret that has the minimum length');
end;

Dear support,

Thanks for your answer, but I would ask the question in a different way.

How is it possible that the Tsphinx login component does not need to specify a secret property? No secret property can be specified. Still, the process works well.

Please ignore the diagram I sent earlier.

The Sphinx login is client-side. Of course, you can't (and shouldn't) have a secret at client-side.

The Sphinx login communicates with the Sphinx server: the user provides their credentials and then the server returns a JWT signed with the secret provided at server-side.
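
The division of roles described in the answer above, as an added Python example (not Sphinx code and not part of the original posts): the server signs and verifies with the secret, while the client only carries the token. The HS256 algorithm, the function names and the sample secret are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims: dict, secret: bytes) -> str:
    """Server side: only the holder of the secret can produce a valid token."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify_jwt(token: str, secret: bytes, now=None) -> dict:
    """Server/API side: recompute the HMAC before trusting any claim."""
    try:
        head, body, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def client_read_claims(token: str) -> dict:
    """Client side: can read the payload, holds no secret, cannot verify or forge."""
    return json.loads(b64url_decode(token.split(".")[1]))

if __name__ == "__main__":
    secret = b"constructed demo secret, not a real key"  # exists on the server only
    token = sign_jwt({"sub": "alice", "exp": int(time.time()) + 300}, secret)
    print("client sees:", client_read_claims(token))
    print("server accepts:", verify_jwt(token, secret))
```
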