On Thu, Sep 26, 2019 at 1:14 PM Martin Palma <m...@palma.bz> wrote: > > Hello, > > I'm in the process of writing an HTTP API with Go. I use a middleware for > generating and validating JWT tokens. On any incoming request the middleware > checks the JWT and validates it. If valid it adds it to the request header > and calls the next handler. > > Is it save to use the JWT in the next handler without validating it again and > using the claims?
If you make sure you have those two handlers in that order, then the answer is yes. Another approach is to validate the JWT in the first handler, and put the claims into the request context for the next handler, so the next handler doesn't even deal with the JWT, and gets the claims from the context. This assumes the second handler won't be called if JWT doesn't validate. > > Best, > Martin > > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/golang-nuts/69d031e5-2a11-4904-84d6-1e67c0bc85a9%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAMV2RqqOm-gMTzBp3tn796R5HmM8Lm6Cpg%3D4giZAViZzn4Nn1A%40mail.gmail.com.
