TSparkleJwtMiddleware Class
Validates JSON Web Tokens (JWT) present in request.
Syntax
Unit: Sparkle.Comp.JwtMiddleware
TSparkleJwtMiddleware = class(TSparkleMiddleware);Properties
| Name | Description |
|---|---|
| Secret | Secret used to validate the JWT. It's not recomended to use this property, instead use OnGetSecretEx event. |
| ForbidAnonymous​Access | Specifies if the request will be rejected if a JWT is not present in the request. |
| AllowExpiredToken | Determines if the JWT will be considered as valid even if it's expired (claim "exp" has an invalid value). |
| AllowedClockSkew | Determines the tolerance (in seconds) for checking time-based claims. |
| RequireExpiration​Time | When true, JWT validation will fail if claim "exp" is not present. |
| RequireIssuedAt | When true, JWT validation will fail if claim "iat" is not present. |
| RequireNotBefore | When true, JWT validation will fail if claim "nbf" is not present. |
| ExpectedAudiences | Provides a list of valid values for the "aud" claim. |
| ExpectedIssuers | Provides a list of valid values for the "iss" claim. |
| SkipKeyValidation | If true, the JWT secret (key) won't be validated and any secret will be used. |
Events
| Name | Description |
|---|---|
| OnGetSecret | Event used to provide the secret for signature validation. Use OnGetSecretEx instead. |
| OnGetSecretEx | Use this event to provide the secret (key) used to validate the JWT. |
| OnForbidRequest | Use this event to fine tune which requests should be accepted or rejected by the middleware, regardless if JWT is present or valid. Values modified by this event override any other settings in this middleware. |
| BeforeValidation | Use this event to add custom JWT validation, by using methods of IJOSEConsumerBuilder interface. |