Currently, this library requires that the JWT be specified as a bearer token in the Authorization header.
However, this doesn't work for WebSockets, since the browser WebSocket API does not allow passing custom headers. The preferred solution in this case is to pass the header value in Sec-WebSocket-Protocol instead.
Would it be possible to support this in this Go library?
Basically, this just means allowing the user to pass a function with signature func(r *http.Request) string as an option, and defaulting this option to a function that extracts the JWT from Authorization header as usual.
gkats
commented
1 month ago
Currently, this library requires that the JWT be specified as a bearer token in the
Authorizationheader.However, this doesn't work for WebSockets, since the browser WebSocket API does not allow passing custom headers. The preferred solution in this case is to pass the header value in Sec-WebSocket-Protocol instead.
Would it be possible to support this in this Go library?
Basically, this just means allowing the user to pass a function with signature
func(r *http.Request) stringas an option, and defaulting this option to a function that extracts the JWT from Authorization header as usual.