TsgcWSAPIServer_WebAuthn › Methods › IsWebAuthnTokenValid
Checks whether the WebAuthn bearer token supplied by the client is still valid for the given connection.
function IsWebAuthnTokenValid(aConnection: TsgcWSConnection; aHeaders: TStringList): Boolean;| Name | Type | Description |
|---|---|---|
aConnection | TsgcWSConnection | Connection whose authorization token must be checked. |
aHeaders | TStringList | Raw HTTP request headers; the bearer token is extracted from the Authorization header. |
True when the token is present, well-formed and has not expired; False otherwise. (Boolean)
Use this overload from HTTP pipelines where the headers are available. The token is the bearer previously returned to the client by a successful authentication flow (see WebAuthn Authorization).
if not sgcWSAPIServer_WebAuthn1.IsWebAuthnTokenValid(aConnection, aRequestInfo.RawHeaders) then
aResponseInfo.ResponseNo := 401;function IsWebAuthnTokenValid(aConnection: TsgcWSConnection; aToken: string) : Boolean;| Name | Type | Description |
|---|---|---|
aConnection | TsgcWSConnection | Connection whose authorization token must be checked. |
aToken | string | Bearer token string previously issued by the server during a successful authentication. |
True when the token is known, bound to the connection and not expired; False otherwise. (Boolean)
Use this overload in WebSocket pipelines or whenever the token has already been extracted from the request (for example from a query string parameter or a subprotocol).
if not sgcWSAPIServer_WebAuthn1.IsWebAuthnTokenValid(aConnection, vToken) then
aConnection.Disconnect;