Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authenticator and PrivateKey should not be required by default #274

Open
renta opened this issue May 19, 2021 · 1 comment
Open

Authenticator and PrivateKey should not be required by default #274

renta opened this issue May 19, 2021 · 1 comment

Comments

@renta
Copy link

renta commented May 19, 2021

Authenticator function and private key are required now if you want to use this middleware in a Gin project. But sometimes your application does not issue JWT-tokens, refresh and destroy them (especially in a microservice architecture where this functions usually do a separate service), but only needs an ability to read the token and extract claims from it. In such a case you just should provide a public file and encryption algorithm name. For example, Echo framework jwt-middleware could be created with only public key and algo name (see https://echo.labstack.com/middleware/jwt/):

jwtConfig := middleware.JWTConfig{
	SigningKey:    publicKey,
	SigningMethod: jwt.SigningMethodRS256.Name,
}

I believe that this middleware also should require only minimum for tokens parsing.
@renta
Copy link
Author

renta commented May 19, 2021

This task could be done with such a middleware: https://gist.github.com/renta/e6c3a67f40a3a8edd251c8c804293c7e

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@renta