TSparkleJwtMiddleware Class
Validates JSON Web Tokens (JWT) present in request.
Syntax
Unit: Sparkle.Comp.JwtMiddleware
TSparkleJwtMiddleware = class(TSparkleMiddleware);Properties
| Name | Description |
|---|---|
| AllowedClockSkew | Determines the tolerance (in seconds) for checking time-based claims. |
| AllowExpiredToken | Determines if the JWT will be considered as valid even if it's expired (claim "exp" has an invalid value). |
| ExpectedAudiences | Provides a list of valid values for the "aud" claim. |
| ExpectedIssuers | Provides a list of valid values for the "iss" claim. |
| ForbidAnonymous​Access | Specifies if the request will be rejected if a JWT is not present in the request. |
| RequireExpiration​Time | When true, JWT validation will fail if claim "exp" is not present. |
| RequireIssuedAt | When true, JWT validation will fail if claim "iat" is not present. |
| RequireNotBefore | When true, JWT validation will fail if claim "nbf" is not present. |
| Secret | Secret used to validate the JWT. It's not recomended to use this property, instead use OnGetSecretEx event. |
| SkipKeyValidation | If true, the JWT secret (key) won't be validated and any secret will be used. |
Events
| Name | Description |
|---|---|
| BeforeValidation | Use this event to add custom JWT validation, by using methods of IJOSEConsumerBuilder interface. |
| OnForbidRequest | Use this event to fine tune which requests should be accepted or rejected by the middleware, regardless if JWT is present or valid. Values modified by this event override any other settings in this middleware. |
| OnGetSecret | Event used to provide the secret for signature validation. Use OnGetSecretEx instead. |
| OnGetSecretEx | Use this event to provide the secret (key) used to validate the JWT. |