Delphi implementation of JWT (JSON Web Token).
| Algorithm | Status |
|---|---|
| none | 👍 |
| HS256 | 👍 |
| HS384 | 👍 |
| HS512 | 👍 |
| The following algorithms require 3rd party library | |
| ES256 | 👍 |
| ES384 | 👍 |
| ES512 | 👍 |
| ES256K | Coming Soon |
| PS256 | 👍 |
| PS384 | 👍 |
| PS512 | 👍 |
| RS256 | 👍 |
| RS384 | 👍 |
| RS512 | 👍 |
The ES, PS and RS algorithms require a third-party library: IPWorks Encrypt.
```bash
# Generate an RSA 2048-bit key pair for the RS and PS algorithms
$ openssl genrsa -out rs-private.pem 2048
$ openssl rsa -in rs-private.pem -pubout -out rs-public.pem
$ cat rs-*.pem

# Generate an EC key pair for ES256 (curve prime256v1)
$ openssl ecparam -genkey -name prime256v1 -noout -out es256-private.pem
$ openssl ec -in es256-private.pem -pubout -out es256-public.pem
$ cat es256-*.pem

# Generate an EC key pair for ES384 (curve secp384r1)
$ openssl ecparam -genkey -name secp384r1 -noout -out es384-private.pem
$ openssl ec -in es384-private.pem -pubout -out es384-public.pem
$ cat es384-*.pem

# Generate an EC key pair for ES512 (curve secp521r1)
$ openssl ecparam -genkey -name secp521r1 -noout -out es512-private.pem
$ openssl ec -in es512-private.pem -pubout -out es512-public.pem
$ cat es512-*.pem
```

A JWT is encoded with base64, or more precisely, base64url. base64url is similar to base64 except that the last two characters of the alphabet, + and /, are replaced with - and _ respectively.
Delphi's System.NetEncoding.TBase64Encoding only performs standard base64 encoding.
A new class, TBase64UrlEncoding, has been implemented to perform base64url encoding.
TJWT is built as a custom managed record. Here is a simple example:
```delphi
begin
  var J: TJWT;
  J.Claims.iss.ValueString := 'joe';            // set the issuer claim
  WriteLn(J.Sign(TAlgType.HS256, 'secret'));    // sign with HS256 and the shared key
  WriteLn('Valid: ', J.Validate('secret'));     // same key: signature verifies
  WriteLn('Invalid: ', J.Validate('SECRET'));   // different key: verification fails
end;
```

And the output:

```
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UifQ.jVFp6sJys73wlxCiSva4f9PsDhk9-CtpWBikYlUiGVY
Valid: TRUE
Invalid: FALSE
```
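To cross-check a token issued by the Delphi code from another stack, the following added example (Python standard library only, not part of this project; all function names are hypothetical) decodes the base64url segments of the token above and verifies an HS256 signature. It goes slightly beyond the page by pinning the expected algorithm, so a token whose header declares `none` or any other algorithm is rejected rather than trusted.

```python
import base64
import hashlib
import hmac
import json

# Token printed by the page's Delphi example (signed there with 'secret').
PAGE_TOKEN = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJpc3MiOiJqb2UifQ."
    "jVFp6sJys73wlxCiSva4f9PsDhk9-CtpWBikYlUiGVY"
)


def b64url_encode(raw: bytes) -> str:
    # base64url alphabet ('-' and '_'); JWT strips the trailing '=' padding
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # Restore the padding that JWT omits before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(header: dict, claims: dict, key: bytes) -> str:
    # Compact JSON, key order preserved, so the segments are reproducible
    segs = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
            for p in (header, claims)]
    mac = hmac.new(key, ".".join(segs).encode("ascii"), hashlib.sha256).digest()
    return ".".join(segs + [b64url_encode(mac)])


def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims of a valid HS256 token, raise ValueError otherwise."""
    try:
        head_seg, claims_seg, sig_seg = token.split(".")
        header = json.loads(b64url_decode(head_seg))
        signature = b64url_decode(sig_seg)
        signing_input = f"{head_seg}.{claims_seg}".encode("ascii")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier side: the token's own header must
    # not be allowed to select it (this is what rejects alg "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        raise ValueError("bad signature")
    return json.loads(b64url_decode(claims_seg))
```

Calling `verify_hs256(PAGE_TOKEN, b"secret")` runs the same check against the token printed above.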
Some handy tools for JWT tokens: