Am 27 verify jwt - Githubissues

bixlabs / authentication

A module in Go for authentication

1 stars 0 forks source link

Am 27 verify jwt #30

Closed jac1013 closed 5 years ago

jac1013 commented 5 years ago

Description

Added a mechanism to verify JWT tokens

Stories

https://bixlabs.atlassian.net/browse/AM-27

List of changes

Added JWT verification mechanism
Added an endpoint to use verification of JWT feature.

Steps to Test or Reproduce

You can run test which will run integration tests for this feature, you can also do it manually through swagger.

Impacted Areas in Application

List general components of the application that this PR will affect.

Login

Migrations

NO

todo[bot] commented 5 years ago

Use ShouldBindHeader when gin framework releases the feature, it's in master but not release.

https://github.com/bixlabs/authentication/blob/e96108d2e7e5be6ad5378715c85e2470cca14b14/api/authentication/authentication.go#L298-L303

This comment was generated by todo based on a `TODO` comment in e96108d2e7e5be6ad5378715c85e2470cca14b14 in #30. cc @bixlabs.

todo[bot] commented 5 years ago

We could use nested struct promoted fields here but swaggo

https://github.com/bixlabs/authentication/blob/e96108d2e7e5be6ad5378715c85e2470cca14b14/api/authentication/structures/token/token.go#L8-L13

This comment was generated by todo based on a `TODO` comment in e96108d2e7e5be6ad5378715c85e2470cca14b14 in #30. cc @bixlabs.

todo[bot] commented 5 years ago

This is a workaround because jwt-go is validating iat when it shouldn't (jwt specification doesn't say so)

https://github.com/bixlabs/authentication/blob/e96108d2e7e5be6ad5378715c85e2470cca14b14/authenticator/interactors/implementation/authenticator.go#L97-L102

This comment was generated by todo based on a `TODO` comment in e96108d2e7e5be6ad5378715c85e2470cca14b14 in #30. cc @bixlabs.