TsgcHTTP_JWT_ServerMethods › Validate

Validate Method

Decodes a JWT string and validates its signature against the configured algorithm, returning the decoded Header, Payload and any error text.

Syntax

function Validate(const aJWT: string; var aHeader, aPayload, aError: string): Boolean;

Parameters

| Name | Type | Description |
| --- | --- | --- |
| aJWT | const string | Encoded JWT in compact form (header.payload.signature, base64url, dot-separated). |
| aHeader | var string | Receives the decoded JOSE header JSON (for example {"alg":"HS256","typ":"JWT"}) when the token could be split. |
| aPayload | var string | Receives the decoded payload JSON with the registered and custom claims. |
| aError | var string | Cleared on entry; populated with a human-readable reason when the algorithm is disabled or the signature is invalid. |

Return Value

True when the JWT is well-formed and its signature verifies against the configured key material for the algorithm declared in its header; False otherwise. (Boolean)

Remarks

Low-level helper that verifies only the signature — it does not fire the OnJWT* events and does not run the Validations claim checks (iat, nbf, exp); use IsJWTTokenValid for the full request pipeline. The algorithm is read from the token header and matched against JWTOptions.Algorithms.HS/RS/ES; if the corresponding Enabled flag is False the method returns False and writes "[family] Algorithm not supported" to aError. Raises an exception when the token cannot be split into three parts.

Example


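var
  vHeader, vPayload, vError: string;
begin
  try
    // True only means the signature verified; iat, nbf and exp are not checked here.
    if oJWT.Validate(vToken, vHeader, vPayload, vError) then
      ShowMessage('Payload: ' + vPayload)
    else
      ShowMessage('Invalid JWT: ' + vError);
  except
    // Validate raises when the token cannot be split into three parts.
    on E: Exception do
      ShowMessage('Malformed JWT: ' + E.Message);
  end;
end;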
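
Because Validate verifies only the signature, code that calls it directly has to apply the time claims itself. The program below is an added example, not code from the component or its documentation: TimeClaimsOk, its parameters, the 30-second leeway and the rule that exp is required are assumptions, and the payload is constructed to stand in for what Validate returns in aPayload.

```delphi
program JwtTimeClaims;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, System.DateUtils, System.JSON;

// Hypothetical helper, not part of the component: applies exp and nbf to the
// payload JSON that Validate returned in aPayload.
function TimeClaimsOk(const aPayload: string; aNowUtc: TDateTime;
  aLeewaySecs: Int64; out aReason: string): Boolean;
var
  vJSON: TJSONValue;
  vNow, vExp, vNbf: Int64;
  vHasExp, vHasNbf: Boolean;
begin
  Result := False;
  aReason := '';
  vNow := DateTimeToUnix(aNowUtc, True); // True: the input is already UTC
  vJSON := TJSONObject.ParseJSONValue(aPayload); // nil when the text is not JSON
  try
    if not (vJSON is TJSONObject) then
    begin
      aReason := 'payload is not a JSON object';
      Exit;
    end;
    vHasExp := vJSON.TryGetValue<Int64>('exp', vExp);
    vHasNbf := vJSON.TryGetValue<Int64>('nbf', vNbf);
    if not vHasExp then
      aReason := 'exp missing or not an integer' // assumed policy: exp is required
    else if vNow >= vExp + aLeewaySecs then
      aReason := 'token expired'
    else if vHasNbf and (vNow + aLeewaySecs < vNbf) then
      aReason := 'token not yet valid'
    else
      Result := True;
  finally
    vJSON.Free;
  end;
end;

var
  vReason: string;
begin
  // Constructed payload whose exp (1000000000) is in September 2001.
  if not TimeClaimsOk('{"sub":"demo","exp":1000000000}',
    TTimeZone.Local.ToUniversalTime(Now), 30, vReason) then
    Writeln('Rejected: ', vReason);
end.
```

In an application the call would follow a successful oJWT.Validate, passing the returned vPayload instead of the literal.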
