FB4D Reference ITokenJWT - SchneiderInfosystems/FB4D GitHub Wiki

Interface ITokenJWT

This interface is implemented in the unit FB4D.OAuth but usually you do not need to create an instance of this class by yourself because you get an object with this interface by the getter method IFirebaseAuthentication.TokenJWT.

With the VerifySignature: boolean method, the FB4D library offers you to proof cryptographically the authenticity of the token by checking the signature of the token with Google's public key. For this purpose, FB4D loads an X509 certificate from the Google web services and extracts the public key from the certificate.

For these complex cryptographic functions, the FB4D uses the OpenSSL library. Depending on the Operation system you have to install the binaries of OpenSSL or you can deploy the library files libeay32.dll and ssleay32.dll (for Windows platforms) together with your binaries. For more information about the compilation and installation of the OpenSSL library see also the OpenSSL wiki.

Because the deployment of the OpenSSL library files is on some platforms a little bit tricky and not all projects require this high-security level in order to prevent a man-in-the-middle-attack you have to define the condition compiling switch TOKENJWT in order to get an object with the method IFirebaseAuthentication.TokenJWT. If this compiler switch is not defined the IFirebaseAuthentication.TokenJWT will be returning always nil and you do not need to deploy any OpenSSL library files.

The next two functions return the header and the claim part of the JWTToken:

function GetHeader: TJWTHeader
function GetClaims: TJWTClaims