search

auth0 / go-jwt-middleware

A Middleware for Go Programming Language to check for JWTs on HTTP requests
MIT License
1.08k stars 205 forks source link

feat: add JWKS provider to the josev2 validator #97

Closed grounded042 closed 3 years ago

grounded042 commented 3 years ago

Many times JWTs will be signed with a JWKS. When working with JWKS it is beneficial to cache the keys used to check token in order to decrease request round-trip and keep from potentially hitting identity provider rate limits. This PR adds a JWKS provider to the josev2 validator as well as a caching JWKS provider.

codecov-commenter commented 3 years ago

Codecov Report

Merging #97 (c3d388a) into v2 (66a443b) will decrease coverage by 6.86%. The diff coverage is 65.11%.

Impacted file tree graph

@@            Coverage Diff             @@
##               v2      #97      +/-   ##
==========================================
- Coverage   92.42%   85.55%   -6.87%     
==========================================
  Files           3        3              
  Lines         132      180      +48     
==========================================
+ Hits          122      154      +32     
- Misses          9       21      +12     
- Partials        1        5       +4
Impacted Files Coverage Δ
validate/josev2/josev2.go 74.69% <65.11%> (-11.02%) :arrow_down:
jwtmiddleware.go 92.95% <0.00%> (-0.80%) :arrow_down:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 66a443b...c3d388a. Read the comment docs.

wimdec commented 3 years ago

Maybe also update example: https://github.com/auth0/go-jwt-middleware/tree/v2/validate/josev2/examples ?

grounded042 commented 3 years ago

@wimdec thanks for the review! I think I'll break out a second example for JWKS specifically.