Open jhildreth opened 7 years ago
Putting the claims on the request context would make the most sense, I think.
I think that middleware is not intended to use params at all. middleware should work with request.context only, while falcon.before decorators may modify params, as they are declared before function and it's obviously that they may modify function arguments, while middlewares are not.
Currently, the decoded jwt claims are passed along to resource's responder method as the 'jwt_claims' keyword argument. Some responder methods may want to make use of data in these claims (such as the user in the 'sub' claim), so they should be passed along. However, in some applications this may be unnecessary, and resource responder methods may not be expecting it.
Perhaps this behavior should be optional (and disabled by default), toggled when a JwtChecker is instantiated.