diff --git a/README.md b/README.md
index b69b438..f68e46c 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# jwtauth - JWT authentication middleware for Go HTTP services
+# jwtauth - JWT authentication middleware for HTTP services
 [![GoDoc Widget]][godoc]
@@ -23,12 +23,11 @@ your flow (ie. with a JSON error response body). By default, the `Verifier` will search for a JWT token in a http request, in the order:
-1. 'jwt' URI query parameter
-2. 'Authorization: BEARER T' request header
-3. 'jwt' Cookie value
+1. 'Authorization: BEARER T' request header
+2. 'jwt' Cookie value
-The first JWT string that is found as a query parameter, authorization header
-or cookie header is then decoded by the `jwt-go` library and a \*jwt.Token
+The first JWT string that is found as an authorization header
+or cookie header is then decoded by the `lestrrat-go/jwx` library and a jwt.Token
 object is set on the request context. In the case of a signature decoding error the Verifier will also set the error on the request context.
@@ -39,7 +38,7 @@ http response. Note: jwtauth supports custom verification sequences for finding a token from a request by using the `Verify` middleware instantiator directly. The default
-`Verifier` is instantiated by calling `Verify(ja, TokenFromQuery, TokenFromHeader, TokenFromCookie)`.
+`Verifier` is instantiated by calling `Verify(ja, TokenFromHeader, TokenFromCookie)`.
 # Usage
diff --git a/jwtauth.go b/jwtauth.go
index dc6be6e..a694576 100644
--- a/jwtauth.go
+++ b/jwtauth.go
@@ -12,13 +12,18 @@ import (
 "github.com/lestrrat-go/jwx/jwt"
 )
-// Context keys
+type JWTAuth struct {
+ alg jwa.SignatureAlgorithm
+ signKey interface{} // private-key
+ verifyKey interface{} // public-key, only used by RSA and ECDSA algorithms
+ verifier jwt.ParseOption
+}
+
 var (
 TokenCtxKey = &contextKey{"Token"}
 ErrorCtxKey = &contextKey{"Error"}
 )
-// Library errors
 var (
 ErrUnauthorized = errors.New("token is unauthorized")
 ErrExpired = errors.New("token is expired")
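Review bot: In the first jwtauth.go hunk (`@@ -12,13 +12,18 @@`) the exported `JWTAuth` type is moved to the top of the file without a doc comment, and its `signKey` field is still described only as `// private-key`. The neighbouring `verifyKey` comment says that key is used only by RSA and ECDSA, which suggests that other algorithms verify with `signKey` itself, so for them it would be a shared secret rather than a private key. I would add `// JWTAuth holds the signature algorithm and the keys used to sign and verify tokens.` above the type and reword the field comment to `// private key, or the shared secret for symmetric algorithms`. The hunk also drops the `// Context keys` and `// Library errors` headings without replacing them, so the two exported `var` groups are left undocumented.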
@@ -28,13 +33,6 @@ var (
 ErrAlgoInvalid = errors.New("algorithm mismatch")
 )
-type JWTAuth struct {
- alg jwa.SignatureAlgorithm
- signKey interface{} // private-key
- verifyKey interface{} // public-key, only used by RSA and ECDSA algorithms
- verifier jwt.ParseOption
-}
-
 func New(alg string, signKey interface{}, verifyKey interface{}) *JWTAuth {
 ja := &JWTAuth{alg: jwa.SignatureAlgorithm(alg), signKey: signKey, verifyKey: verifyKey}
@@ -65,7 +63,7 @@ func New(alg string, signKey interface{}, verifyKey interface{}) *JWTAuth {
 // http response.
 func Verifier(ja *JWTAuth) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
- return Verify(ja, TokenFromQuery, TokenFromHeader, TokenFromCookie)(next)
+ return Verify(ja, TokenFromHeader, TokenFromCookie)(next)
 }
 }
@@ -266,6 +264,14 @@ func TokenFromHeader(r *http.Request) string {
 // TokenFromQuery tries to retreive the token string from the "jwt" URI
 // query parameter.
+//
+// To use it, build our own middleware handler, such as:
+//
+// func Verifier(ja *JWTAuth) func(http.Handler) http.Handler {
+// return func(next http.Handler) http.Handler {
+// return Verify(ja, TokenFromQuery, TokenFromHeader, TokenFromCookie)(next)
+// }
+// }
 func TokenFromQuery(r *http.Request) string {
 // Get token from query param named "jwt".
 return r.URL.Query().Get("jwt")
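Review bot: The doc comment above `Verifier` in the `@@ -65,7 +63,7 @@` hunk is not touched together with the call it documents. Only its last line (`// http response.`) is visible here, so the search order it describes cannot be checked, but if it mirrors the README paragraph it still lists the 'jwt' URI query parameter first. Callers that pass the token as a `jwt` query parameter will no longer be picked up by the default `Verifier`, which is worth stating where they will look for it, e.g. `// Verifier does not read the "jwt" query parameter; call Verify with TokenFromQuery to opt in.` The comment block starts outside the hunk.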
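Review bot: The example added to the `TokenFromQuery` comment (`@@ -266,6 +264,14 @@`) lists `TokenFromQuery` first, so a token supplied in the URL is the first one found and takes precedence over the Authorization header and the cookie. The comment also gives no reason why the default no longer includes it: a token in the query string can be recorded in access logs, browser history and Referer headers. I would put it last in the example, `return Verify(ja, TokenFromHeader, TokenFromCookie, TokenFromQuery)(next)`, and add `// Tokens in the URL can leak through logs, browser history and Referer headers; prefer the header or cookie.` "build our own" should read "build your own", and the existing "retreive" on the context line could be corrected in the same pass. The function body closes outside the hunk.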