Comments (2)
@avpavp, I had a similar requirement that I was playing around with. Support for each caller to have its own shared secret. I've ended up with the following as the starting function for my middleware, replacing the original "jwtauth.Verifier" call:
import (
	"encoding/base64"
	"encoding/json"
	"log"
	"net/http"
	"strings"

	"github.com/go-chi/jwtauth"
)

func verifyCaller(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		log.Println("Executing Verifier")
		encodedToken := jwtauth.TokenFromHeader(r)
		if encodedToken != "" {
			// A compact JWT is header.payload.signature; check the split before indexing it
			encodedPayload := strings.Split(encodedToken, ".")
			if len(encodedPayload) != 3 {
				log.Println("Err: malformed JWT")
				http.Error(w, http.StatusText(401), 401)
				return
			}
			// JWT segments are base64url without padding, so RawURLEncoding rather than StdEncoding
			decodedPayload, err := base64.RawURLEncoding.DecodeString(encodedPayload[1])
			if err != nil {
				log.Println("Payload decode error:", err)
				http.Error(w, http.StatusText(500), 500)
				return
			}
			// Claims hold mixed types (exp, iat are numbers), so decode into interface{} values
			payload := make(map[string]interface{})
			if err := json.Unmarshal(decodedPayload, &payload); err != nil {
				log.Println("Payload unmarshal error:", err)
				http.Error(w, http.StatusText(500), 500)
				return
			}
			// "caller" is still unverified at this point: it is only used to choose which secret to verify with
			caller, _ := payload["caller"].(string)
			// Go off to secret vault, get secret for caller
			sharedSecret := determineCallerSecret(caller)
			if sharedSecret != "" {
				// Secret has been determined - build tokenAuth, verify and modify context.
				// Kept local: a package-level tokenAuth would be shared between concurrent requests.
				log.Println("Caller: " + caller + ", Secret located.")
				tokenAuth := jwtauth.New("HS256", []byte(sharedSecret), nil)
				ctx := r.Context()
				token, err := jwtauth.VerifyRequest(tokenAuth, r, jwtauth.TokenFromHeader)
				ctx = jwtauth.NewContext(ctx, token, err)
				next.ServeHTTP(w, r.WithContext(ctx))
			} else {
				log.Println("Err: secret lookup failed")
				http.Error(w, http.StatusText(500), 500)
				return
			}
		} else {
			log.Println("Err: JWT token payload not found.")
			http.Error(w, http.StatusText(401), 401)
			return
		}
	})
}
This decodes the payload of the JWT and looks for a required entry "caller" - this value is then passed to a function which connects to however you are storing your secrets. I am yet to really test this, but some initial curl attempts with varying tokens look good.
I am going to try and find a better way to decode the payload, and you may also want to support the ALG type changing based on caller. Also, determineCallerSecret() should return an err, not just an empty string - but this was a quick first pass.
EDIT: I'll also include what my testing router looks like (using gorilla/mux):
r := mux.NewRouter()
api := r.PathPrefix("/api/v1").Subrouter()
// Custom middleware to determine the caller, set the secret and verify the JWT
api.Use(verifyCaller)
// jwtauth middleware to authenticate based on the token
api.Use(jwtauth.Authenticator)
api.HandleFunc("", get).Methods(http.MethodGet)
from jwtauth.
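As an added example (not code from the comment above or from go-chi/jwtauth), this stand-alone Go program reproduces the per-caller key selection with only the standard library, so the key-confusion case can be tested: the "caller" claim is read before verification purely to pick the secret, the header alg is pinned to HS256, and the token is accepted only if its signature validates under that caller's own secret. callerSecrets is a constructed stand-in for the secret vault, and signHS256 exists only to build test input.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)
// Constructed stand-in for the per-caller secret vault; not a real store.
var callerSecrets = map[string]string{"alice": "alice-secret-x", "bob": "bob-secret-y"}
var b64 = base64.RawURLEncoding // JWT segments are base64url without padding

func hs256(signingInput, secret string) []byte {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// signHS256 builds a compact JWS for the given claims; used here only to construct test input.
func signHS256(claims map[string]interface{}, secret string) string {
	body, _ := json.Marshal(claims)
	si := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return si + "." + b64.EncodeToString(hs256(si, secret))
}

// verifyCallerToken reads the unverified "caller" claim only to pick the key, then accepts
// the caller name only if alg is pinned to HS256 and the signature validates under that secret.
func verifyCallerToken(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if hb, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "HS256" {
		return "", errors.New("header unreadable or alg not HS256") // never let the token choose the algorithm
	}
	var claims map[string]interface{}
	if pb, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(pb, &claims) != nil {
		return "", errors.New("payload unreadable")
	}
	caller, _ := claims["caller"].(string)
	secret, ok := callerSecrets[caller]
	sig, err := b64.DecodeString(parts[2])
	if !ok || err != nil || !hmac.Equal(sig, hs256(parts[0]+"."+parts[1], secret)) {
		return "", errors.New("unknown caller or signature invalid for claimed caller")
	}
	return caller, nil
}
```

A token signed with bob's secret but carrying `"caller":"alice"` fails because the secret selected by the claim is the one the signature is checked against.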
Note: the underlying lib in master has changed to https://github.com/lestrrat-go/jwx but the jwtauth API is largely the same.