{"id":1014,"date":"2025-04-24T00:03:39","date_gmt":"2025-04-24T03:03:39","guid":{"rendered":"https:\/\/code4delphi.com.br\/blog\/?p=1014"},"modified":"2025-05-14T23:10:33","modified_gmt":"2025-05-15T02:10:33","slug":"jwt-no-delphi-o-que-e-e-como-utilizar","status":"publish","type":"post","link":"https:\/\/code4delphi.com.br\/blog\/jwt-no-delphi-o-que-e-e-como-utilizar\/","title":{"rendered":"JWT in Delphi: what it is and how to use it"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">If you work with REST APIs, especially in modern environments with authentication and authorization, you have certainly come across the term <strong>JWT<\/strong>. But what is it, exactly?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"JWT_%E2%80%93_JSON_Web_Token\"><\/span>JWT \u2013 JSON Web Token<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"655\" height=\"179\" src=\"https:\/\/code4delphi.com.br\/blog\/wp-content\/uploads\/2025\/04\/JWT-Canva.png\" alt=\"\" class=\"wp-image-1061\" srcset=\"https:\/\/code4delphi.com.br\/blog\/wp-content\/uploads\/2025\/04\/JWT-Canva.png 655w, https:\/\/code4delphi.com.br\/blog\/wp-content\/uploads\/2025\/04\/JWT-Canva-300x82.png 300w\" sizes=\"auto, (max-width: 655px) 100vw, 655px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>JWT (JSON Web Token)<\/strong> is an open standard based on JSON (<a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7519\" data-type=\"link\" data-id=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7519\" target=\"_blank\" rel=\"noreferrer noopener\">RFC 7519<\/a>), a <strong>compact and secure token<\/strong> format used to <strong>transmit information between two parties<\/strong>, usually a client and a server, in a way that allows the information to be <strong>verified and trusted<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It is widely used to implement authentication and authorization in web and mobile applications. When a user logs in, for example, the server generates a JWT and returns it to the client. The token can then be sent in subsequent requests, usually in an HTTP header, allowing the server to identify the user without having to maintain sessions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Estrutura_de_um_JWT\"><\/span>Structure of a JWT<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A JWT is made up of <strong>three parts<\/strong>, separated by dots (<code>.<\/code>), forming a string like this:<\/p>\n\n\n\n<p style=\"font-family: monospace; font-size: 20px;\"> \n    <span style=\"color: #e91e63;\">eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9<\/span>.\n    <span style=\"color: #ba68c8;\">eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkNvZGU0RGVscGhpIiwiaWF0IjoxNTE2MjM5MDIyfQ<\/span>.\n    <span style=\"color: #29b6f6;\">hFyIIP6gXt38XVhukyhpPRXFUUWCmL8jeyfem2Yc51I<\/span>\n  <\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"615\" height=\"255\" src=\"https:\/\/code4delphi.com.br\/blog\/wp-content\/uploads\/2025\/04\/JWT.png\" alt=\"\" class=\"wp-image-1021\" srcset=\"https:\/\/code4delphi.com.br\/blog\/wp-content\/uploads\/2025\/04\/JWT.png 615w, https:\/\/code4delphi.com.br\/blog\/wp-content\/uploads\/2025\/04\/JWT-300x124.png 300w\" sizes=\"auto, (max-width: 615px) 100vw, 615px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Let's look at each of them:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span 
class=\"ez-toc-section\" id=\"1_Header_Cabecalho\"><\/span>1. <strong>Header<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Contains information about the token type and the signing algorithm used (<strong>this part is Base64URL-encoded<\/strong>):<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#f6f6f4;--cbp-line-number-width:calc(1 * 0.6 * .875rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki dracula-soft\" style=\"background-color: #282A36\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #F6F6F4\">{<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F6F6F4\">  <\/span><span style=\"color: #97E2F2\">&quot;<\/span><span style=\"color: #97E1F1\">alg<\/span><span style=\"color: #97E2F2\">&quot;<\/span><span style=\"color: 
#F286C4\">:<\/span><span style=\"color: #F6F6F4\"> <\/span><span style=\"color: #DEE492\">&quot;<\/span><span style=\"color: #E7EE98\">HS256<\/span><span style=\"color: #DEE492\">&quot;<\/span><span style=\"color: #F6F6F4\">,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F6F6F4\">  <\/span><span style=\"color: #97E2F2\">&quot;<\/span><span style=\"color: #97E1F1\">typ<\/span><span style=\"color: #97E2F2\">&quot;<\/span><span style=\"color: #F286C4\">:<\/span><span style=\"color: #F6F6F4\"> <\/span><span style=\"color: #DEE492\">&quot;<\/span><span style=\"color: #E7EE98\">JWT<\/span><span style=\"color: #DEE492\">&quot;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F6F6F4\">}<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2_Payload_Corpo_do_token\"><\/span>2. <strong>Payload (token body)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This is where the payload lives: a JSON object containing the <strong>claims<\/strong>, that is, the information you want to transmit.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Example:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#f6f6f4;--cbp-line-number-width:calc(1 * 0.6 * .875rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki dracula-soft\" style=\"background-color: #282A36\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #F6F6F4\">{<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F6F6F4\">  <\/span><span style=\"color: #97E2F2\">&quot;<\/span><span style=\"color: #97E1F1\">sub<\/span><span style=\"color: #97E2F2\">&quot;<\/span><span style=\"color: #F286C4\">:<\/span><span style=\"color: #F6F6F4\"> <\/span><span style=\"color: #DEE492\">&quot;<\/span><span style=\"color: #E7EE98\">1234567890<\/span><span style=\"color: #DEE492\">&quot;<\/span><span style=\"color: #F6F6F4\">,<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F6F6F4\">  <\/span><span style=\"color: #97E2F2\">&quot;<\/span><span style=\"color: #97E1F1\">iat<\/span><span style=\"color: #97E2F2\">&quot;<\/span><span style=\"color: #F286C4\">:<\/span><span style=\"color: #F6F6F4\"> <\/span><span style=\"color: #BF9EEE\">1516239022<\/span><span style=\"color: #F6F6F4\">, <\/span><\/span>\n<span class=\"line\"><span style=\"color: #F6F6F4\">  <\/span><span style=\"color: #97E2F2\">&quot;<\/span><span style=\"color: #97E1F1\">name<\/span><span style=\"color: #97E2F2\">&quot;<\/span><span style=\"color: #F286C4\">:<\/span><span style=\"color: #F6F6F4\"> <\/span><span style=\"color: #DEE492\">&quot;<\/span><span style=\"color: #E7EE98\">Code4Delphi<\/span><span style=\"color: 
#DEE492\">&quot;<\/span><span style=\"color: #F6F6F4\">,  <\/span><\/span>\n<span class=\"line\"><span style=\"color: #F6F6F4\">  <\/span><span style=\"color: #97E2F2\">&quot;<\/span><span style=\"color: #97E1F1\">meu-claim<\/span><span style=\"color: #97E2F2\">&quot;<\/span><span style=\"color: #F286C4\">:<\/span><span style=\"color: #F6F6F4\"> <\/span><span style=\"color: #DEE492\">&quot;<\/span><span style=\"color: #E7EE98\">Usuario-Master<\/span><span style=\"color: #DEE492\">&quot;<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F6F6F4\">}<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">There are three types of claims: private, public and reserved. Reserved claims are not mandatory, but in some situations they are recommended. Here is the list of reserved claims in JWT:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Claim<\/th><th>Type<\/th><th>Description<\/th><\/tr><\/thead><tbody><tr><td><strong>iss<\/strong><\/td><td>String<\/td><td><strong>Issuer<\/strong> \u2013 Who issued the token<\/td><\/tr><tr><td><strong>sub<\/strong><\/td><td>String<\/td><td><strong>Subject<\/strong> \u2013 Who the token belongs to (e.g. user ID)<\/td><\/tr><tr><td><strong>aud<\/strong><\/td><td>String or array<\/td><td><strong>Audience<\/strong> \u2013 Intended recipient of the token (e.g. name of the application or API)<\/td><\/tr><tr><td><strong>exp<\/strong><\/td><td>Numeric (timestamp)<\/td><td><strong>Expiration Time<\/strong> \u2013 Date\/time at which the token expires<\/td><\/tr><tr><td><strong>nbf<\/strong><\/td><td>Numeric (timestamp)<\/td><td><strong>Not Before<\/strong> \u2013 The token <strong>is not valid before<\/strong> this time<\/td><\/tr><tr><td><strong>iat<\/strong><\/td><td>Numeric (timestamp)<\/td><td><strong>Issued At<\/strong> \u2013 When the token was issued<\/td><\/tr><tr><td><strong>jti<\/strong><\/td><td>String<\/td><td><strong>JWT ID<\/strong> \u2013 Unique identifier of the token (can be used to prevent reuse\/replay attacks)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">\u26a0\ufe0f Important: the payload is also <strong>Base64URL-encoded<\/strong>, but it is <strong>not encrypted<\/strong>, only encoded. <strong>Never put<\/strong> sensitive information here.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"3_Signature_Assinatura\"><\/span>3. <strong>Signature<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This part guarantees the <strong>integrity<\/strong> of the token. It is created from the header and the payload together, plus a secret key. This makes it possible to verify whether the token has been altered.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For example, with the HMAC SHA256 algorithm:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#f6f6f4;--cbp-line-number-width:calc(1 * 0.6 * .875rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><pre class=\"shiki dracula-soft\" style=\"background-color: #282A36\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #F6F6F4\">HMACSHA<\/span><span style=\"color: #BF9EEE\">256<\/span><span style=\"color: #F6F6F4\">(<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F6F6F4\">  base<\/span><span style=\"color: #BF9EEE\">64<\/span><span style=\"color: #F6F6F4\">UrlEncode(header) + <\/span><span style=\"color: #DEE492\">&quot;<\/span><span style=\"color: #E7EE98\">.<\/span><span style=\"color: #DEE492\">&quot;<\/span><span style=\"color: #F6F6F4\"> +<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F6F6F4\">  base<\/span><span style=\"color: #BF9EEE\">64<\/span><span style=\"color: #F6F6F4\">UrlEncode(payload),<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F6F6F4\">  seu-segredo-de<\/span><span style=\"color: #BF9EEE\">-256<\/span><span style=\"color: #F6F6F4\">-bits<\/span><\/span>\n<span class=\"line\"><span style=\"color: #F6F6F4\">)<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%F0%9F%92%A1_Dica_testando_e_explorando_JWTs_no_jwtio\"><\/span>\ud83d\udca1 Tip: testing and exploring JWTs on <a href=\"https:\/\/jwt.io\" target=\"_blank\" rel=\"noreferrer noopener\">jwt.io<\/a><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If you want to better understand how a JWT works in practice, it is worth visiting <a href=\"https:\/\/jwt.io\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/jwt.io<\/a>. 
It lets you <strong>analyze tokens in real time<\/strong>, showing the decoded header, payload and signature, and also allows <strong>validation with a secret key<\/strong>. It is an excellent tool for learning, testing and debugging, especially when you are starting to work with JWTs or want to check whether the token generated by your backend is correctly formatted.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Usando_JWT_com_Delphi_e_TMS_XData\"><\/span>Using JWT with Delphi and TMS XData<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">If you develop REST APIs with Delphi, <strong>TMS XData<\/strong> already offers built-in support for JWT as an authentication mechanism. This lets you secure your APIs in a modern way that is aligned with industry standards.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%F0%9F%94%90_Como_funciona_no_XData\"><\/span>\ud83d\udd10 How it works in XData<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In XData, JWT can be easily enabled through an authentication <strong>middleware<\/strong>. 
The basic flow is:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>The client logs in, sending a username and password (or using another authentication method).<\/li>\n\n\n\n<li>If the credentials are valid, the server generates a <strong>signed JWT<\/strong> and sends it back.<\/li>\n\n\n\n<li>The token is stored on the client (for example, in memory or local storage).<\/li>\n\n\n\n<li>On each API request, the client sends the token in the <strong>HTTP Authorization header<\/strong>: <br><mark style=\"background-color:#2b2c32\" class=\"has-inline-color has-white-color\">Authorization: Bearer seu-token-jwt<\/mark><\/li>\n\n\n\n<li>The XData middleware validates the token's signature and, if everything is in order, the request is accepted.<\/li>\n\n\n\n<li>More details can be found in the official documentation at this <a href=\"https:\/\/doc.tmssoftware.com\/biz\/xdata\/guide\/security.html\" target=\"_blank\" rel=\"noreferrer noopener\">link<\/a>.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">\u25b6\ufe0f <strong>Want to see this in practice?<\/strong><br>We have videos on our YouTube channel showing, step by step, how to generate and use a JWT in Delphi, with clear and to-the-point examples:<br>\ud83d\udc49 Part 01: <a href=\"https:\/\/www.youtube.com\/watch?v=uYTB_q-C0MY&amp;list=PLLHSz4dOnnN39OimL44gj6CthKx54MNlY&amp;index=17\" data-type=\"link\" data-id=\"https:\/\/www.youtube.com\/@code4delphi\" target=\"_blank\" rel=\"noreferrer noopener\">O que \u00e9 e como usar JWT no Delphi<\/a><br>\ud83d\udc49 Part 02: <a href=\"https:\/\/www.youtube.com\/watch?v=Jgo9vx5La_0&amp;list=PLLHSz4dOnnN39OimL44gj6CthKx54MNlY&amp;index=18\" data-type=\"link\" data-id=\"https:\/\/www.youtube.com\/@code4delphi\" target=\"_blank\" rel=\"noreferrer noopener\">O que \u00e9 e como usar JWT no Delphi na pr\u00e1tica &#8211; Middleware JWT<\/a><\/p>\n\n\n\n<p 
class=\"wp-block-paragraph\"><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"wp-block-paragraph\">That's all for today, readers!<br>Don't forget to <strong>subscribe here on the blog<\/strong> to be notified whenever new content is published.<br>See you soon in the next post! \ud83d\udc4b<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you work with REST APIs, especially in modern environments with authentication and authorization, you have certainly&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[1,98],"tags":[99,100,102,101],"class_list":["post-1014","post","type-post","status-publish","format-standard","hentry","category-geral","category-tms","tag-jwt","tag-tms","tag-token","tag-xdata"],"_links":{"self":[{"href":"https:\/\/code4delphi.com.br\/blog\/wp-json\/wp\/v2\/posts\/1014","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/code4delphi.com.br\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/code4delphi.com.br\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/code4delphi.com.br\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/code4delphi.com.br\/blog\/wp-json\/wp\/v2\/comments?post=1014"}],"version-history":[{"count":49,"href":"https:\/\/code4delphi.com.br\/blog\/wp-json\/wp\/v2\/posts\/1014\/revisions"}],"predecessor-version":[{"id":1118,"href":"https:\/\/code4delphi.com.br\/blog\/wp-json\/wp\/v2\/posts\/1014\/revisions\/1118"}],"wp:attachment":[{"href":"https:\/\/code4delphi.com.br\/blog\/wp-json\/wp\/v2\/media?parent=1014"}],"wp:term":[{"ta
xonomy":"category","embeddable":true,"href":"https:\/\/code4delphi.com.br\/blog\/wp-json\/wp\/v2\/categories?post=1014"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/code4delphi.com.br\/blog\/wp-json\/wp\/v2\/tags?post=1014"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}