TsgcHTTP_OAuth2_Server › Methods › IsOAuth2TokenValid
Validates an incoming Bearer access token presented by the client, either by parsing the request headers or by taking the raw token string.
```pascal
function IsOAuth2TokenValid(const aConnection: TsgcWSConnection; const aHeaders: TStringList): Boolean;
```
| Name | Type | Description |
|---|---|---|
| aConnection | const TsgcWSConnection | The connection on which the protected resource request was received. |
| aHeaders | const TStringList | Request headers. The method extracts the `Authorization: Bearer <token>` header (and any DPoP proof when `OAuth2Options.DPoP` is enabled) and validates it. |
Returns True when a valid, non-expired Bearer token is present in the headers; False when the header is missing, malformed, unknown or expired. (Boolean)
Use this overload from an HTTP pipeline hook where you already hold the full header list. It fires OnOAuth2AfterValidateAccessToken when the check succeeds. When DPoP is enabled the DPoP proof is validated as part of this call.
```pascal
// Validate the Bearer token attached to an inbound HTTP request
if not OAuth2.IsOAuth2TokenValid(Connection, Request.RawHeaders) then
  Response.ResponseNo := 401;
```
```pascal
function IsOAuth2TokenValid(const aConnection: TsgcWSConnection; const aToken: String): Boolean;
```
| Name | Type | Description |
|---|---|---|
| aConnection | const TsgcWSConnection | The connection associated with the request that carries the token. |
| aToken | const String | The raw access token string, without the `Bearer` prefix. |
Returns True if the token exists in the server store, belongs to a registered application and has not expired; False otherwise. (Boolean)
Use this overload when the token has already been extracted (for example, from a query-string parameter or a custom header). It is the building block used by the other overload and by the automatic validation flow triggered by Authentication.Enabled.
```pascal
// Validate a token extracted from a non-standard location
if not OAuth2.IsOAuth2TokenValid(Connection, vTokenFromQueryString) then
  Connection.Disconnect;
```
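
An added example, not code from the sgcWebSockets documentation: a helper that pulls the token out of a custom header before it is handed to the token-string overload, failing closed on a missing, duplicated or non-Bearer header. `TryExtractBearerToken` and the `X-Access-Token` header name are hypothetical, and the sample headers are constructed.

```pascal
program BearerExtractDemo;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, System.Classes;

// Hypothetical helper (not part of sgcWebSockets): returns the raw token from
// "<aHeaderName>: Bearer <token>", without the Bearer prefix.
function TryExtractBearerToken(const aHeaders: TStrings;
  const aHeaderName: string; out aToken: string): Boolean;
var
  i, vColon, vMatches: Integer;
  vValue: string;
begin
  aToken := '';
  vValue := '';
  vMatches := 0;
  for i := 0 to aHeaders.Count - 1 do
  begin
    vColon := Pos(':', aHeaders[i]);
    if (vColon > 1) and
       SameText(Trim(Copy(aHeaders[i], 1, vColon - 1)), aHeaderName) then
    begin
      Inc(vMatches);
      vValue := Trim(Copy(aHeaders[i], vColon + 1, MaxInt));
    end;
  end;
  // Fail closed: the header must appear exactly once and use the Bearer scheme
  // (scheme name compared case-insensitively).
  Result := (vMatches = 1) and SameText(Copy(vValue, 1, 7), 'Bearer ');
  if Result then
  begin
    aToken := Trim(Copy(vValue, 8, MaxInt));
    // An empty token or one with an embedded space is malformed.
    Result := (aToken <> '') and (Pos(' ', aToken) = 0);
  end;
  if not Result then
    aToken := '';
end;

var
  vHeaders: TStringList;
  vToken: string;
begin
  vHeaders := TStringList.Create;
  try
    vHeaders.Add('Host: api.example.test');          // constructed sample
    vHeaders.Add('X-Access-Token: bearer abc.def');  // constructed sample
    if TryExtractBearerToken(vHeaders, 'X-Access-Token', vToken) then
      Writeln('token to validate: ', vToken)
    else
      Writeln('reject with 401');
  finally
    vHeaders.Free;
  end;
end.
```

In a request handler, pass the extracted `vToken` to `OAuth2.IsOAuth2TokenValid(Connection, vToken)` and answer 401 when either the extraction or the validation returns False.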