While trying to make Go my #1 backend language, I decided to build an API authentication app, since most of the applications I work on require it.
Have a look at my code on GitHub (at https://github.com/mmattklaus/go-jwt-demo), and see how I approached it. I documented every bit. Hopefully, it'll help.

On Fri, Sep 27, 2019 at 1:23 PM Martin Palma <m...@palma.bz> wrote:

> Yes the handlers are arranged as follows:
>
> OAuth2Middleware (JWT token creation on login / JWT validation) -> InputValidationMiddleware (decoding and validating user input and checks if the user has the rights to view/request the data according to the claims in the JWT) -> API Handler (decoding user input and talking to the backend, return response to the user)
>
> You are right the OAuth2Middleware could instead of passing the token after validation also pass the claims using the request context. That's right.
>
> Thank you for the feedback.
>
> On Thu, 26 Sep 2019 at 21:36, burak serdar <bser...@computer.org> wrote:
>
>> On Thu, Sep 26, 2019 at 1:14 PM Martin Palma <m...@palma.bz> wrote:
>> >
>> > Hello,
>> >
>> > I'm in the process of writing an HTTP API with Go. I use a middleware for generating and validating JWT tokens. On any incoming request the middleware checks the JWT and validates it. If valid it adds it to the request header and calls the next handler.
>> >
>> > Is it safe to use the JWT in the next handler without validating it again and using the claims?
>>
>> If you make sure you have those two handlers in that order, then the answer is yes.
>>
>> Another approach is to validate the JWT in the first handler, and put the claims into the request context for the next handler, so the next handler doesn't even deal with the JWT, and gets the claims from the context. This assumes the second handler won't be called if JWT doesn't validate.
>>
>> >
>> > Best,
>> > Martin
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups "golang-nuts" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com.
>> > To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/69d031e5-2a11-4904-84d6-1e67c0bc85a9%40googlegroups.com.
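
The approach discussed in the thread above (validate the JWT once in the first handler, pass only the claims on through the request context) as an added example; it is not code from the thread or from the linked repository. The names `Claims`, `Verify`, `Auth` and `ClaimsFrom` are hypothetical, and the standard-library HS256 check stands in for whichever JWT library the API actually uses.

```go
package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"strings"
	"time"
)

type claimsKey struct{} // unexported key type: only this package can set or read it
type Claims struct {    // constructed minimal claim set
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

// Verify always computes HMAC-SHA256; the token's "alg" header is never consulted.
func Verify(key []byte, tok string) *Claims {
	hdr, rest, _ := strings.Cut(tok, ".")
	pay, sig64, ok := strings.Cut(rest, ".") // extra dots end up in sig64 and fail decoding
	m, c := hmac.New(sha256.New, key), new(Claims)
	m.Write([]byte(hdr + "." + pay))
	sig, e1 := base64.RawURLEncoding.DecodeString(sig64)
	body, e2 := base64.RawURLEncoding.DecodeString(pay)
	if !ok || e1 != nil || e2 != nil || !hmac.Equal(sig, m.Sum(nil)) ||
		json.Unmarshal(body, c) != nil || time.Now().Unix() >= c.Exp {
		return nil
	}
	return c
}

// Auth validates once, then passes only the verified claims on via the context.
func Auth(key []byte, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c := Verify(key, strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer "))
		if c == nil {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return // next never runs for a missing, forged or expired token
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), claimsKey{}, c)))
	})
}

func ClaimsFrom(r *http.Request) *Claims { // nil if Auth did not run: fail closed on nil
	c, _ := r.Context().Value(claimsKey{}).(*Claims)
	return c
}
```

Unlike a request header, the context value cannot be supplied by the client, so a downstream handler that is reached without `Auth` in front of it sees `nil` claims even when the request carries a valid token.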