v2: validator for golang-jwt/jwt
#91
Conversation
|
Hey @oxisto thanks for this! I'm a little swamped at the moment, but I'm carving out some time on Friday to review this. |
Codecov Report
@@ Coverage Diff @@
## v2 #91 +/- ##
==========================================
+ Coverage 90.56% 92.42% +1.85%
==========================================
Files 2 3 +1
Lines 106 132 +26
==========================================
+ Hits 96 122 +26
Misses 9 9
Partials 1 1
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Overall this looks great and thank you for the contribution! I left a couple of comments and nits on cleanups.
It follows largely the same style as the jose one, with a few exceptions:
- Clock skew is not supported
- Expected claims can not be set
Not supporting clock skew isn't a blocker, but it is a downside here. One of the features we want to support is clock skew. Is it possible that golang-jwt/jwt will support this in the future?
Not supporting expected claims is no problem as that's a setup from the other package.
Thanks for the review, I will look at the smaller changes. I am planning to add clock skew among other validation features from the old |
|
Awesome! Knowing it's on the backlock is a big help! |
https://github.com/golang-jwt/jwt will serve as a long-term replacement to https://github.com/dgrijalva/jwt-go. Following the ideas discussed in #73, I have added a validator that uses the new repository.
It follows largely the same style as the jose one, with a few exceptions:
I want to hold of on marking this "ready" until there is a first
v3.2.1release of https://github.com/golang-jwt/jwt, which will happened soon.Additionally, it would probably make sense to put the validators in their own go module, so that only the validators have a dependency to the actual jwt libraries, not the middleware itself.