search

go-chi / jwtauth

JWT authentication middleware for Go HTTP services
MIT License
550 stars 91 forks source link

A proposal for a migration to v3.0.0 of https://github.com/dgrijalva/jwt-go #11

Closed alexguzun closed 7 years ago

alexguzun commented 7 years ago

Hi!

I have implemented some quick changes that allow migration to the version 3.0.0 of https://github.com/dgrijalva/jwt-go, using jwt.MapClaims.

Changes are minimal and don't change existing contract.

pkieltyka commented 7 years ago

thanks @alexguzun how do you resolve the issue with https://github.com/dgrijalva/jwt-go/issues/145 ?

alexguzun commented 7 years ago

Hi @pkieltyka! I have failed to check that you have already started working on a migration. My bad.

The issue you have mentioned remains unsolved. My version uses the standard Parse function, that uses MapClaims.

The main goal of my PR was to make code compile and successfully run all the test with the latest version of dgrijalva/jwt-go .

If I correctly understood the problem dgrijalva/jwt-go#145, it only occurs when you want to parse the token directly into custom claims, not the standard one. However if you limit the usage of custom claims just for the creation of the token, and later use standard claims (MapClaims) for reading information, the issue will not be a problem.

Take a look at the Encode function: 

func (ja *JwtAuth) Encode(claims Claims) (t *jwt.Token, tokenString string, err error) {
    t = jwt.New(ja.signer)
    t.Claims = toMapClaims(claims)
    tokenString, err = t.SignedString(ja.signKey)
    t.Raw = tokenString
    return
}

Reading the Claims is as simple as this:

token := ctx.Value("jwt").(*jwt.Token)
claims := token.Claims.(jwt.MapClaims)

I understand this is not the best solution for all problems, but at least this PR allows some users, that got the latest version of jwtauth and jwt-go to continue developing their application.

pkieltyka commented 7 years ago

@alexguzun thanks for the work anyways. I also have a PR https://github.com/goware/jwtauth/pull/8 which I believe should have a breaking test case to confirm completion. I'd have to dive back into the problem again, but at this time without having more time, I've decided to stick to jwt-go v2.7

alexguzun commented 7 years ago

@pkieltyka No problems! Ping me if I can help with anything. What should I do with the PR? Close it?

pkieltyka commented 7 years ago

completed support for jwt-go v3 in master of jwtauth