vert-x3 / vertx-web

HTTP web applications for Vert.x
Apache License 2.0

JWTAuthHandler interface create cannot skip multiple paths #767

Closed patton73 closed 5 years ago

patton73 commented 6 years ago

Version

The JWTAuthHandler interface's create method, static JWTAuthHandler create(JWTAuth authProvider, String skip), lacks the possibility to skip completely different path routes (for example /path1 /path2). It could be very useful to add this possibility. You can pass an ArrayList of String to be skipped.

Thank you very much for your help. Andrea.

patton73 commented 6 years ago

Posted in the right project. https://github.com/vert-x3/vertx-auth

pmlopes commented 6 years ago

Actually this is the right project as the auth project only contains the low level jwt code, parse validation.

pmlopes commented 6 years ago

@patton73 wouldn't it make more sense to have a generic skip auth handler? That would apply not just for JWT but for any Auth handler?

I believe it is easier to implement even as a first contribution/pull request and the whole ecosystem would benefit from it.

patton73 commented 6 years ago

I agree that a generic skip is a lot better. I need to see if I have time to provide a pull request for this feature. But now I am a bit puzzled. What are the sources to modify? In vertx.web? Or in vertx.auth? Thanks.

Andrea.

pmlopes commented 6 years ago

@patton73 in vertx-web add a new interface that extends Handler<RoutingContext> that defines the methods to manage the ignore paths. Then in the impl package implement the interface; in the handle method verify if the request path matches the ignore, then go to next, otherwise we need to route through an auth provider.
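
A sketch of the generic skip handler outlined in the comment above, as an added example that is not part of the thread or of vertx-web. The class name `SkipPathsAuthHandler` and its `ignore` method are hypothetical, and the code assumes Vert.x 3.x, where `RoutingContext.normalisedPath()` is available (later versions spell it `normalizedPath()`).

```java
import io.vertx.core.Handler;
import io.vertx.ext.web.RoutingContext;
import java.util.LinkedHashSet;
import java.util.Set;

/**
 * Hypothetical wrapper (not a vertx-web class): runs the wrapped auth handler
 * unless the request path is on the ignore list. Assumed usage:
 *   router.route("/api/*").handler(
 *       new SkipPathsAuthHandler(JWTAuthHandler.create(jwt)).ignore("/api/A/web/*"));
 */
public class SkipPathsAuthHandler implements Handler<RoutingContext> {

  private final Handler<RoutingContext> delegate; // any auth handler, not only JWT
  private final Set<String> ignored = new LinkedHashSet<>();

  public SkipPathsAuthHandler(Handler<RoutingContext> delegate) {
    this.delegate = delegate;
  }

  /** Adds an exact path ("/health") or a whole subtree ("/api/A/web/*"). */
  public SkipPathsAuthHandler ignore(String pattern) {
    ignored.add(pattern);
    return this;
  }

  static boolean matches(String pattern, String path) {
    if (pattern.endsWith("/*")) {
      String base = pattern.substring(0, pattern.length() - 2);
      // Match on a segment boundary, so "/api/A/web/*" does not also
      // exempt "/api/A/website" from authentication.
      return path.equals(base) || path.startsWith(base + "/");
    }
    return path.equals(pattern);
  }

  @Override
  public void handle(RoutingContext ctx) {
    // Compare the normalised path, so dot segments and duplicate slashes
    // are resolved before the ignore list is consulted.
    String path = ctx.normalisedPath();
    for (String pattern : ignored) {
      if (matches(pattern, path)) {
        ctx.next(); // ignored path: continue without authentication
        return;
      }
    }
    delegate.handle(ctx); // every other path goes through the auth handler
  }
}
```

Every entry on the ignore list is a path served without authentication, so the list should be kept short and matched exactly as above rather than with a plain `startsWith`.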

shaykh-salman commented 6 years ago

Do we have any fix on this issue? For skipping multiple URLs

pmlopes commented 6 years ago

@shaykh-salman This issue has low priority and is a good first contribution if you're interested. This way you can help the project to go forward faster!

pmlopes commented 6 years ago

After more thought on this, it should not be the concern of the JWTHandler to skip routes, it would make more sense only to set this handler for routes that really require the JWT security, this way you're not working against the security and doing partially the work of the router.

shaykh-salman commented 5 years ago

How about the following scenario,

router.get("/api/*").handler(JWTAuthHandler.create(jwt, "/api/A/web/"));

In this case, I want to skip a few sub routes of A, where A is a Microservice (assuming), and I do service discovery from API gateway for A. Would you mind throwing some light on this issue?