Codebase list golang-github-go-kit-kit / b33bd77 auth / jwt / README.md
b33bd77

Tree @b33bd77 (Download .tar.gz)

README.md @b33bd77raw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# package auth/jwt

`package auth/jwt` provides a set of interfaces for service authorization through [JSON Web Tokens](https://jwt.io/).

## Usage

NewParser takes a key function and an expected signing method and returns an `endpoint.Middleware`. 
The middleware will parse a token passed into the context via the `jwt.JWTTokenContextKey`. 
If the token is valid, any claims will be added to the context via the `jwt.JWTClaimsContextKey`.

```go
import (
	stdjwt "github.com/dgrijalva/jwt-go"
    
    "github.com/go-kit/kit/auth/jwt"
    "github.com/go-kit/kit/endpoint"
)

func main() {
	var exampleEndpoint endpoint.Endpoint
	{
		keyFunc := func(token *stdjwt.Token) (interface{}, error) { return []byte("SigningString"), nil }
		jwtParser := jwt.NewParser(keyFunc, stdjwt.SigningMethodHS256)
        
		exampleEndpoint = MakeExampleEndpoint(service)
		exampleEndpoint = jwtParser(exampleEndpoint)
	}
}
```

NewSigner takes a JWT key id header, the signing key, signing method, and a claims object. It returns an `endpoint.Middleware`.
The middleware will build the token string and add it to the context via the `jwt.JWTTokenContextKey`.

```go
import (
	stdjwt "github.com/dgrijalva/jwt-go"
    
    "github.com/go-kit/kit/auth/jwt"
    "github.com/go-kit/kit/endpoint"
)

func main() {
	var exampleEndpoint endpoint.Endpoint
	{
		jwtSigner := jwt.NewSigner("kid-header", []byte("SigningString"), stdjwt.SigningMethodHS256, jwt.Claims{})
        
		exampleEndpoint = grpctransport.NewClient(
        	. // build client endpoint here
			.
			.
		).Endpoint()

		exampleEndpoint = jwtSigner(exampleEndpoint)
	}
}
```

In order for the parser and the signer to work, the authorization headers need to be passed between the request and the context.
ToHTTPContext(), FromHTTPContext(), ToGRPCContext(), and FromGRPCContext() are given as helpers to do this.
These function impliment the correlating transport's RequestFunc interface and can be passes as ClientBefore or ServerBefore options.

Example of use in a client:

```go
import (
	stdjwt "github.com/dgrijalva/jwt-go"
    
    "github.com/go-kit/kit/auth/jwt"
    "github.com/go-kit/kit/endpoint"
)

func main() {

    options := []httptransport.ClientOption{}
	var exampleEndpoint endpoint.Endpoint
	{
		jwtSigner := jwt.NewSigner("kid-header", []byte("SigningString"), stdjwt.SigningMethodHS256, jwt.Claims{})
       
		options = append(options, httptransport.ClientBefore(jwt.FromGRPCContext()))
		exampleEndpoint = grpctransport.NewClient(
        	. // build client endpoint here
			.
			options....
		).Endpoint()

		exampleEndpoint = jwtSigner(exampleEndpoint)
	}
}
```

Example of use in a server:

```go
import (
	"golang.org/x/net/context"

	"github.com/go-kit/kit/auth/jwt"
	"github.com/go-kit/kit/log"
	grpctransport "github.com/go-kit/kit/transport/grpc"
)

func MakeGRPCServer(ctx context.Context, endpoints Endpoints, logger log.Logger) pb.ExampleServer {
	options := []grpctransport.ServerOption{grpctransport.ServerErrorLogger(logger)}

	return &grpcServer{
		createUser: grpctransport.NewServer(
			ctx,
			endpoints.CreateUserEndpoint,
			DecodeGRPCCreateUserRequest,
			EncodeGRPCCreateUserResponse,
			append(options, grpctransport.ServerBefore(jwt.ToGRPCContext()))...,
		),
		getUser: grpctransport.NewServer(
			ctx,
			endpoints.GetUserEndpoint,
			DecodeGRPCGetUserRequest,
			EncodeGRPCGetUserResponse,
			options...,
		),
	}
}
```