# package auth/jwt

`package auth/jwt` provides a set of interfaces for service authorization through [JSON Web Tokens](https://jwt.io/).

## Usage

NewParser takes a key function and an expected signing method and returns an `endpoint.Middleware`. 
The middleware will parse a token passed into the context via the `jwt.JWTTokenContextKey`. 
If the token is valid, any claims will be added to the context via the `jwt.JWTClaimsContextKey`.

```go
import (
	stdjwt "github.com/dgrijalva/jwt-go"
    
    "github.com/go-kit/kit/auth/jwt"
    "github.com/go-kit/kit/endpoint"
)

func main() {
	var exampleEndpoint endpoint.Endpoint
	{
		keyFunc := func(token *stdjwt.Token) (interface{}, error) { return []byte("SigningString"), nil }
		jwtParser := jwt.NewParser(keyFunc, stdjwt.SigningMethodHS256)
        
		exampleEndpoint = MakeExampleEndpoint(service)
		exampleEndpoint = jwtParser(exampleEndpoint)
	}
}
```

NewSigner takes a JWT key id header, the signing key, signing method, and a claims object. It returns an `endpoint.Middleware`.
The middleware will build the token string and add it to the context via the `jwt.JWTTokenContextKey`.

```go
import (
	stdjwt "github.com/dgrijalva/jwt-go"
    
    "github.com/go-kit/kit/auth/jwt"
    "github.com/go-kit/kit/endpoint"
)

func main() {
	var exampleEndpoint endpoint.Endpoint
	{
		jwtSigner := jwt.NewSigner("kid-header", []byte("SigningString"), stdjwt.SigningMethodHS256, jwt.Claims{})
        
		exampleEndpoint = grpctransport.NewClient(
        	. // build client endpoint here
			.
			.
		).Endpoint()

		exampleEndpoint = jwtSigner(exampleEndpoint)
	}
}
```

In order for the parser and the signer to work, the authorization headers need to be passed between the request and the context.
`ToHTTPContext()`, `FromHTTPContext()`, `ToGRPCContext()`, and `FromGRPCContext()` are given as helpers to do this.
These function impliment the correlating transport's RequestFunc interface and can be passed as ClientBefore or ServerBefore options.

Example of use in a client:

```go
import (
    stdjwt "github.com/dgrijalva/jwt-go"
    grpctransport "github.com/go-kit/kit/transport/grpc"
    
    "github.com/go-kit/kit/auth/jwt"
    "github.com/go-kit/kit/endpoint"
)

func main() {

    options := []httptransport.ClientOption{}
	var exampleEndpoint endpoint.Endpoint
	{
		jwtSigner := jwt.NewSigner("kid-header", []byte("SigningString"), stdjwt.SigningMethodHS256, jwt.Claims{})
       
		options = append(options, grpctransport.ClientBefore(jwt.FromGRPCContext()))
		exampleEndpoint = grpctransport.NewClient(
        	. // build client endpoint here
			.
			options....
		).Endpoint()

		exampleEndpoint = jwtSigner(exampleEndpoint)
	}
}
```

Example of use in a server:

```go
import (
	"golang.org/x/net/context"

	"github.com/go-kit/kit/auth/jwt"
	"github.com/go-kit/kit/log"
	grpctransport "github.com/go-kit/kit/transport/grpc"
)

func MakeGRPCServer(ctx context.Context, endpoints Endpoints, logger log.Logger) pb.ExampleServer {
	options := []grpctransport.ServerOption{grpctransport.ServerErrorLogger(logger)}

	return &grpcServer{
		createUser: grpctransport.NewServer(
			ctx,
			endpoints.CreateUserEndpoint,
			DecodeGRPCCreateUserRequest,
			EncodeGRPCCreateUserResponse,
			append(options, grpctransport.ServerBefore(jwt.ToGRPCContext()))...,
		),
		getUser: grpctransport.NewServer(
			ctx,
			endpoints.GetUserEndpoint,
			DecodeGRPCGetUserRequest,
			EncodeGRPCGetUserResponse,
			options...,
		),
	}
}
```