Open shaj13 opened 4 years ago
Hey, I just stumbled on this project and was going to begin using it for a personal site. Are you still looking for assistance on this issue?
I realize this is a result of the changes from version 1.x to 2.x. My understanding is that the bearer type is being deprecated, and the walkthrough (https://medium.com/@hajsanad/authentication-in-golang-using-go-guardian-b1cd47da47a0) isn't valid for version 2.x.
I glanced at the _example/ directory and didn't see an entry for token. I'm not sure if that is part of the work required here, or something else. Please let me know if I can help with some of the docs, examples here.
Thanks, Brian
@briwagner first of all, thank you for reaching out. FYI, moved to v2 for more scalability and maintenance. IIRC, https://github.com/shaj13/go-guardian/tree/master/_examples/basic_bearer covers the token and basic strategy; maybe we need to rename the folder. Honestly, I will be glad if you could assist. I would like to start from the README so we can welcome users and navigate them in the right direction while explaining the project. Let me know what you think.
Yes, I'm happy to help where you think it's needed. Let me know what is most helpful at this point, and I will try to suggest some changes.
I agree: it may be simply renaming the folder in _examples/, to "token". When I looked initially I was confused there was no entry for token. I expected the folder list for auth/strategies/ to match _examples/. Just my initial expectation.
My use case was basic and JWT token, so that's something I'm comfortable with. I don't have experience with the other strategies.
But let me know what you have in mind for expanding the README, and if I can help. Just as a comparison, I see how netlify/gotrue walks through more of the details for each method, and has more code examples. Maybe too many? It's almost a bit of info overload, but if you know what you're looking for in there, it can be helpful.
Hello, I started to use this package yesterday.
I have a little question, related to the JWT Strategy - what if I want to change the ID to the user ID?

    func setupGoGuardian() {
        keeper = jwt.StaticSecret{
            ID:        "TEST", // <<<<<<<<<<
            Secret:    []byte("JWTSecret"),
            Algorithm: jwt.HS256,
        }
        cache := libcache.FIFO.New(0)
        cache.SetTTL(time.Minute * 5)
        cache.RegisterOnExpired(func(key, _ interface{}) {
            cache.Peek(key)
        })
        basicStrategy := basic.NewCached(validateUser, cache)
        jwtStrategy := jwt.New(cache, keeper)
        middlewares.Strategy = union.New(jwtStrategy, basicStrategy)
    }

My problem is: The ID is dynamic and based on the user from the DB.
How can I achieve this?
@shachardevops StaticSecret.ID is added to the jwt kid header, so when the token comes back we can validate it with the correct secret.
PTAL https://tools.ietf.org/html/rfc7515#section-4.1.4
Basically, a secure system rotates the jwt signing key every X interval duration; StaticSecret is aimed to always return the same key. So we are supporting both kinds, static and rotated keys. See https://play.golang.org/p/5N-5fWa0mfN for a rotation example.
Regarding the user ID, it's supported, but the examples use hardcoded values for simplicity, so you can build the user object from the DB and pass it to IssueAccessToken. One thing for sure: you can use the default user with Extensions to add extra properties, or take the hard way and implement a user info interface. PTAL https://github.com/shaj13/go-guardian/blob/master/auth/strategies/jwt/token_test.go#L91 e.g. https://play.golang.org/p/lFTf6yIYBUT
Please create a different issue for further questions; I would like to keep this one for docs.
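The split described in the reply above (kid names the signing key, the user ID travels as a claim), as an added example that is not part of the original thread and does not use go-guardian's API. It is a standard-library HS256 sketch; the names mac, issue and verify, the sub claim, and the key IDs and secrets are constructed assumptions, and issue expects a kid that exists in the key set.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// mac returns the base64url-encoded HMAC-SHA256 of in under secret.
func mac(secret []byte, in string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(in))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// issue signs an HS256 token: the kid header names the key, the sub claim carries the user ID.
func issue(keys map[string][]byte, kid, userID string) string {
	h, _ := json.Marshal(map[string]string{"alg": "HS256", "kid": kid})
	p, _ := json.Marshal(map[string]string{"sub": userID})
	in := base64.RawURLEncoding.EncodeToString(h) + "." + base64.RawURLEncoding.EncodeToString(p)
	return in + "." + mac(keys[kid], in)
}

// verify looks up the secret named by kid, checks the MAC, and only then reads sub.
func verify(keys map[string][]byte, token string) (string, error) {
	var hdr struct{ Alg, Kid string }
	var claims struct{ Sub string }
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	hb, _ := base64.RawURLEncoding.DecodeString(parts[0])
	if err := json.Unmarshal(hb, &hdr); err != nil || hdr.Alg != "HS256" || len(keys[hdr.Kid]) == 0 {
		return "", fmt.Errorf("bad header, unsupported alg or unknown kid")
	}
	if !hmac.Equal([]byte(mac(keys[hdr.Kid], parts[0]+"."+parts[1])), []byte(parts[2])) {
		return "", fmt.Errorf("bad signature")
	}
	pb, _ := base64.RawURLEncoding.DecodeString(parts[1])
	err := json.Unmarshal(pb, &claims)
	return claims.Sub, err
}

func main() {
	keys := map[string][]byte{"2024-01": []byte("old-secret"), "2024-02": []byte("new-secret")} // constructed
	fmt.Println(verify(keys, issue(keys, "2024-02", "user-42")))
}
```

Tokens signed under the older kid keep verifying until that entry is removed from the key set, which is what makes rotation possible without invalidating every outstanding token at once.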
@briwagner awesome, let's start by reorganizing the examples: split the basic_bearer into basic and token. The token example can use the basic, similar to the jwt example.
Regarding the README, maybe something similar to cobra. What do you think?
@briwagner created an issue for example #104, feel free to take it.
Meant to follow up on this: I'm adding a PR for #104
Tasks: