Custom claim (with consumer) validation sample code

Author: paolo-rossi

Samples/CustomClaims/Demo.Form.Main.dfm

@@ -10,11 +10,9 @@ object frmMain: TfrmMain
   Font.Height = -11
   Font.Name = 'Tahoma'
   Font.Style = []
-  OldCreateOrder = False
   DesignSize = (
     685
     530)
-  PixelsPerInch = 96
   TextHeight = 13
   object Label1: TLabel
     Left = 16
@@ -93,6 +91,8 @@ object frmMain: TfrmMain
     Font.Style = []
     ParentFont = False
     TabOrder = 2
+    ExplicitWidth = 653
+    ExplicitHeight = 225
   end
   object edtIssuer: TLabeledEdit
     Left = 400
@@ -103,14 +103,15 @@ object frmMain: TfrmMain
     EditLabel.Height = 13
     EditLabel.Caption = 'Issuer'
     TabOrder = 3
+    Text = ''
   end
   object edtIssuedAtTime: TDateTimePicker
     Left = 512
     Top = 70
     Width = 74
     Height = 21
-    Date = 42207.710233020840000000
-    Time = 42207.710233020840000000
+    Date = 42207.000000000000000000
+    Time = 0.710233020843588700
     Kind = dtkTime
     TabOrder = 4
   end
@@ -119,17 +120,17 @@ object frmMain: TfrmMain
     Top = 156
     Width = 106
     Height = 21
-    Date = 42207.710233020840000000
-    Time = 42207.710233020840000000
+    Date = 42207.000000000000000000
+    Time = 0.710233020843588700
     TabOrder = 5
   end
   object edtExpiresDate: TDateTimePicker
     Left = 400
     Top = 113
     Width = 106
     Height = 21
-    Date = 42207.710233020840000000
-    Time = 42207.710233020840000000
+    Date = 42207.000000000000000000
+    Time = 0.710233020843588700
     TabOrder = 6
   end
   object chkIssuer: TCheckBox
@@ -172,42 +173,34 @@ object frmMain: TfrmMain
     State = cbChecked
     TabOrder = 10
   end
-  object Button1: TButton
-    Left = 400
-    Top = 234
-    Width = 113
-    Height = 25
-    Caption = 'Build Custom JWS'
-    TabOrder = 11
-  end
   object edtIssuedAtDate: TDateTimePicker
     Left = 400
     Top = 70
     Width = 106
     Height = 21
-    Date = 42207.710233020840000000
-    Time = 42207.710233020840000000
-    TabOrder = 12
+    Date = 42207.000000000000000000
+    Time = 0.710233020843588700
+    TabOrder = 11
   end
   object edtExpiresTime: TDateTimePicker
     Left = 512
     Top = 113
     Width = 74
     Height = 21
-    Date = 42207.710233020840000000
-    Time = 42207.710233020840000000
+    Date = 42207.000000000000000000
+    Time = 0.710233020843588700
     Kind = dtkTime
-    TabOrder = 13
+    TabOrder = 12
   end
   object edtNotBeforeTime: TDateTimePicker
     Left = 512
     Top = 156
     Width = 74
     Height = 21
-    Date = 42207.710233020840000000
-    Time = 42207.710233020840000000
+    Date = 42207.000000000000000000
+    Time = 0.710233020843588700
     Kind = dtkTime
-    TabOrder = 14
+    TabOrder = 13
   end
   object cbbAlgorithm: TComboBox
     Left = 400
@@ -216,11 +209,20 @@ object frmMain: TfrmMain
     Height = 21
     Style = csDropDownList
     ItemIndex = 0
-    TabOrder = 15
+    TabOrder = 14
     Text = 'HMAC SHA256'
     Items.Strings = (
       'HMAC SHA256'
       'HMAC SHA384'
       'HMAC SHA512')
   end
+  object btnCheckCustom: TButton
+    Left = 135
+    Top = 234
+    Width = 121
+    Height = 25
+    Caption = 'Check Custom Claim'
+    TabOrder = 15
+    OnClick = btnCheckCustomClick
+  end
 end

Samples/CustomClaims/Demo.Form.Main.pas

@@ -27,20 +27,28 @@ interface
 uses
   Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
   Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, IdGlobal, System.Generics.Defaults,
-  System.Generics.Collections, Vcl.ExtCtrls, Vcl.ComCtrls,
+  System.Generics.Collections, Vcl.ExtCtrls, Vcl.ComCtrls, Vcl.Mask,
 
   JOSE.Core.JWT,
   JOSE.Core.JWS,
   JOSE.Core.JWK,
   JOSE.Core.JWA,
-  JOSE.Types.JSON;
+  JOSE.Types.JSON,
+  JOSE.Types.Bytes,
+  JOSE.Core.Builder,
+  JOSE.Context,
+  JOSE.Consumer,
+  JOSE.Consumer.Validators;
 
 type
   TMyClaims = class(TJWTClaims)
   private
+    function GetNonce: string;
+    procedure SetNonce(const Value: string);
     function GetAppIssuer: string;
     procedure SetAppIssuer(const Value: string);
   public
+    property Nonce: string read GetNonce write SetNonce;
     property AppIssuer: string read GetAppIssuer write SetAppIssuer;
   end;
 
@@ -61,15 +69,17 @@   TfrmMain = class(TForm)
     chkIssuedAt: TCheckBox;
     chkExpires: TCheckBox;
     chkNotBefore: TCheckBox;
-    Button1: TButton;
     edtIssuedAtDate: TDateTimePicker;
     edtExpiresTime: TDateTimePicker;
     edtNotBeforeTime: TDateTimePicker;
     cbbAlgorithm: TComboBox;
     Label6: TLabel;
+    btnCheckCustom: TButton;
+    procedure btnCheckCustomClick(Sender: TObject);
     procedure btnCustomClaimsClick(Sender: TObject);
+    procedure Button1Click(Sender: TObject);
   private
-    { Private declarations }
+    FCompact: TJOSEBytes;
   public
     { Public declarations }
   end;
@@ -81,8 +91,7 @@ implementation
 
 uses
   System.Rtti,
-  JOSE.Types.Bytes,
-  JOSE.Core.Builder;
+  System.DateUtils;
 
 {$R *.dfm}
 
@@ -97,10 +106,13 @@ procedure TfrmMain.btnCustomClaimsClick(Sender: TObject);
 
     LClaims.IssuedAt := Now;
     LClaims.Expiration := Now + 1;
+    LClaims.Subject := 'paolo-rossi';
     LClaims.Issuer := 'WiRL REST Library';
     LClaims.AppIssuer :='CustomClaims';
+    LClaims.Nonce := '9876543';
 
-    mmoCompact.Lines.Add(TJOSE.SHA256CompactToken('secret', LToken));
+    FCompact := TJOSE.SHA256CompactToken('secret', LToken);
+    mmoCompact.Lines.Add(FCompact);
 
     mmoJSON.Lines.Add(TJSONUtils.ToJSON(LToken.Header.JSON));
     mmoJSON.Lines.Add(TJSONUtils.ToJSON(LToken.Claims.JSON));
@@ -109,16 +121,75 @@ procedure TfrmMain.btnCustomClaimsClick(Sender: TObject);
   end;
 end;
 
+procedure TfrmMain.btnCheckCustomClick(Sender: TObject);
+var
+  LConsumer: IJOSEConsumer;
+begin
+  LConsumer := TJOSEConsumerBuilder.NewConsumer
+    .SetClaimsClass(TMyClaims)
+
+    // JWS-related validation
+    .SetVerificationKey('secret')
+    .SetSkipVerificationKeyValidation
+    .SetDisableRequireSignature
+
+    // string-based claims validation
+    .SetExpectedSubject('paolo-rossi')
+
+    .RegisterValidator(
+      function (AJOSEContext: TJOSEContext): string
+      var
+        LNonce: string;
+      begin
+        Result := '';
+        LNonce := AJOSEContext.GetClaims<TMyClaims>.Nonce;
+
+        if not AJOSEContext.GetClaims.ClaimExists('nonce') then
+          Exit('Nonce was not present');
+
+        if not (LNonce = '9876543') then
+          Exit(Format('Nonce [nonce] claim value [%s] doesn''t match expected value of [%s]',
+            [LNonce, '9876543']));
+      end
+    )
+    // Build the consumer object
+    .Build();
+
+  mmoCompact.Lines.Add('======================================');
+  try
+    LConsumer.Process(FCompact);
+    mmoCompact.Lines.Add('Validation process passed');
+  except
+    on E: EInvalidJWTException do
+      mmoCompact.Lines.Add(E.Message);
+  end;
+end;
+
+procedure TfrmMain.Button1Click(Sender: TObject);
+begin
+
+end;
+
 { TMyClaims }
 
 function TMyClaims.GetAppIssuer: string;
 begin
   Result := TJSONUtils.GetJSONValue('ais', FJSON).AsString;
 end;
 
+function TMyClaims.GetNonce: string;
+begin
+  Result := TJSONUtils.GetJSONValue('nonce', FJSON).AsString;
+end;
+
 procedure TMyClaims.SetAppIssuer(const Value: string);
 begin
   TJSONUtils.SetJSONValueFrom<string>('ais', Value, FJSON);
 end;
 
+procedure TMyClaims.SetNonce(const Value: string);
+begin
+  TJSONUtils.SetJSONValueFrom<string>('nonce', Value, FJSON);
+end;
+
 end.