Bearer authentication #241
Comments
|
Which flow are you using ? E.g. https://auth0.com/docs/api-auth/which-oauth-flow-to-use |
|
I have a server using DMVC, where it is responsible for receiving the user and password and generating the JWT token. On the server that will be authenticated by JWT, it is also wrong. It forces me to pass the token on the Authenticate header as long as the default is the Authorization header. And the DMVC is still validating the header content as follows: "bearer dgasdkghdaskfghfasdf", while the default is "Bearer askfgsdkfghjkfalsdfglfkj" |
|
I can adjust and perform the pull request if I can ... |
|
You can define the name of your header when creating JWT middleware. FEngine.AddMiddleware(TMVCJWTAuthenticationMiddleware.Create(
TAuthenticationController.Create,
LClaimsSetup,
'MySecret', { Secret }
'/api/login',
[TJWTCheckableClaim.ExpirationTime, TJWTCheckableClaim.NotBefore, TJWTCheckableClaim.IssuedAt],
300,
'Authorization', { Header token }
'username', { Header UserName }
'password' { Header Password }
)); |
|
Yes I Can! But why define a name being that a pattern already exists? |
|
The Horse for example follows the correct pattern. |
|
See more in (RFC 6750):
|
|
Thanl you for your notes @viniciussanchez . |
Hi, I would like to know why to request a JWt token, do I have to use the POST method? And why did you create custom headers, being the default and using header authorization? If I make the settings to leave the API according to the Web standard, will you accept the pull request?
The text was updated successfully, but these errors were encountered: