Git Product home page Git Product logo

delphi-jose-jwt's Introduction

Delphi JOSE and JWT Library


Browse on jwt.io


Delphi implementation of JWT (JSON Web Token) and the JOSE (JSON Object Signing and Encryption) specification suite. This library supports the JWS (JWE is support planned) compact serializations with several JOSE algorithms.

Image of Delphi-JOSE Demo

Important!

The HMAC algorithm uses OpenSSL through the Indy library, so in order to generate the token you should have the OpenSSL DLLs in your server system. The client doesn't have to generate or verify the token (using HMAC) so on the client-side there's no need for the OpenSSL DLLs. You can download the OpenSSL package at the fulgan website (keep in mind to always update to the latest version)

What is JOSE

JOSE is a standard that provides a general approach to signing and encryption of any content. JOSE consists of several RFC:

General Features

  • Token serialization
  • Token deserialization
  • Claims validation
    • exp, iat, nbf claims validatation - supported
    • aud, iss, sub claims validatation - planned
  • Sign algorithms
    • NONE, HS256, HS384, HS512 algorithms - supported
  • Encryption algorithms
    • RS256, RS384, RS512 algorithms - planned
    • ES256, ES384, ES512, PS256, PS384, PS512 algorithms - not (yet) planned
    • Not affected by theNonealgorithm vulnerability

This library is not susceptible to the recently discussed encryption vulnerability.

Projects using Delphi JOSE and JWT

Todo

Features
  • Token validation: aud, iss, sub
  • RSA algorithms implementation
  • Easy creation of TJWTClaims derived classes
Code
  • D2010+ porting
  • Unit Tests
  • More examples

Prerequisite

This library has been tested with Delphi 10.1 Berlin, Delphi 10 Seattle and Delphi XE8 but with a minimum amount of work it should compile with D2010 and higher

Libraries/Units dependencies

This library has no dependencies on external libraries/units.

Delphi units used:

  • System.JSON (DXE6+) (available on earlier Delphi versions as Data.DBXJSON)
  • System.Rtti (D2010+)
  • System.Generics.Collections (D2009+)
  • System.NetEncoding (DXE7+)
  • Indy units: IdHMAC, IdHMACSHA1, IdSSLOpenSSL, IdHash (please use latest version from svn)

Installation

Simply add the source path "Source/Common" and Source/JOSE" to your Delphi project path and.. you are good to go!

Code Examples

Creating a token

To create a token simple create an instance of the TJWT class and set the properties (claims). The easiest way to serialize, deserialize, verify a token is to use the TJOSEutility class.

var
  LToken: TJWT;
begin
  LToken := TJWT.Create;
  try
    // Token claims
    LToken.Claims.IssuedAt := Now;
    LToken.Claims.Expiration := Now + 1;
    LToken.Claims.Issuer := 'WiRL REST Library';

    // Signing and Compact format creation
    mmoCompact.Lines.Add(TJOSE.SHA256CompactToken('secret', LToken));

    // Header and Claims JSON representation
    mmoJSON.Lines.Add(LToken.Header.JSON.ToJSON);
    mmoJSON.Lines.Add(LToken.Claims.JSON.ToJSON);
  finally
    LToken.Free;
  end;

Unpack and Verify a token

Unpacking and verifying tokens is simple. You have to pass the key (secret) and the token compact format to the TJOSE.Verify class function

var
  LKey: TJWK;
  LToken: TJWT;
begin
  LKey := TJWK.Create('secret');
  // Unpack and verify the token
  LToken := TJOSE.Verify(LKey, 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJXaVJMIn0.w3BAZ_GwfQYY6dkS8xKUNZ_sOnkDUMELxBN0mKKNhJ4');

  if Assigned(LToken) then
  begin
    try
      if LToken.Verified then
        mmoJSON.Lines.Add('Token signature is verified')
      else
        mmoJSON.Lines.Add('Token signature is not verified')
    finally
      LToken.Free;
    end;
  end;

end;

Paolo Rossi

delphi-jose-jwt's People

Contributors

fabioxgn avatar paolo-rossi avatar wlandgraf avatar

Watchers

 avatar  avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.