I'm using Delphi XE7 , I have a WebService REST done from the DataSnap REST project, I need to get the bearer-token passed via Header by the client, but DataSnap REST by default it executes as Basic .
As far as I can see, it runs DoParseAuthentication of class TIdCustomHTTPServer , but the function is private.
Does anyone have any idea how to do it, have already had the same problem, how to solve?
DataSnap is based on the Indy components. When there is a Http request with authentication, the TIdCustomHTTPServer.DoParseAuthentication function is called. If there is no function associated with OnParseAuthentication , it will attempt to authenticate Basic . So to do authentication with bearer-token I do it as described below.
Look for the statement:
FServer := TIdHTTPWebBrokerBridge.Create(Self);
In this case, when we created using the DataSnap Rest Wizard and choosing the standalone option, the above statement is in the form created as an example.
Just below it, add the following code:
FServer.OnParseAuthentication := DoParseAuthentication;
The DoParseAuthentication procedure can be done as follows:
procedure TForm1.DoParseAuthentication(AContext: TIdContext; const AAuthType, AAuthData: String; var VUsername, VPassword: String; var VHandled: Boolean);
begin
VHandled := AAuthType.Equals('Bearer') and IsTokenValid(AAuthData);
end;
IsTokenValid is a function that you must implement. If authentication is correct VHandled should return True .
Note: I use LifeCycle of type Invocation