go-json-rest-middleware-jwt

StoreToken introduced + a token is written to request.Env to be able …

Open ruseinov opened this issue 9 years ago • 3 comments

…to use it in the Authorizator

I'd needed that hook to support checking these tokens against Redis or any other storage. If you find that viable for your product - feel free to merge. In my opinion an extra hook does not hurt. That's what I've been missing in a lot of middlewares; yours is almost perfect for my needs.

ruseinov, Dec 18 '15 15:12

Hi @ruseinov,

Thanks for your PR.

I am not really sure whether this is in the scope of this middleware and makes sense in general. Could you maybe share what your use cases for this are?

Cheers, Stephan

StephanDollberg, Dec 18 '15 23:12

Hi @StephanDollberg,

I am missing this feature too. In this case you cannot really log out of your site. If someone else has stolen your JWT, he will still be able to log in without any problems. The only "logout" would be that the token expires.

The solution would be to store the JWT in a database and, if a user is logging out, delete the entry (still check if the token is valid).

In this case you will never be able to store the JWT anywhere. That's why he wants the feature.

Greetings, Stunkymonkey

Stunkymonkey, Oct 11 '16 18:10
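The store-and-check design described in the comment above, as an added Go example that is not code from this PR or from the middleware. `TokenStore`, `Issue`, `Revoke` and `Authorize` are hypothetical names, the in-memory map stands in for Redis or a database, the minimal HS256 handling stands in for the middleware's own JWT validation, and storing a SHA-256 digest instead of the raw token is a choice made here.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"sync"
	"time"
)

// TokenStore is a hypothetical stand-in for Redis or a database table, keyed by SHA-256 of the token.
type TokenStore struct{ active sync.Map }
var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url
func sign(key []byte, msg string) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return b64.EncodeToString(h.Sum(nil))
}

// Issue (login) mints an HS256 token and records it; Revoke (logout) deletes the entry.
func (s *TokenStore) Issue(key []byte, user string, exp time.Time) string {
	claims, _ := json.Marshal(map[string]interface{}{"id": user, "exp": exp.Unix()})
	body := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(claims)
	tok := body + "." + sign(key, body)
	s.active.Store(sha256.Sum256([]byte(tok)), true)
	return tok
}
func (s *TokenStore) Revoke(tok string) { s.active.Delete(sha256.Sum256([]byte(tok))) }

// Authorize requires a valid signature, an unexpired exp claim and a live store entry.
func (s *TokenStore) Authorize(key []byte, tok string, now time.Time) bool {
	p := strings.Split(tok, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(sign(key, p[0]+"."+p[1]))) {
		return false // malformed or forged; only HMAC-SHA256 is accepted, whatever the header says
	}
	var c struct{ Exp int64 `json:"exp"` }
	raw, err := b64.DecodeString(p[1])
	_, stored := s.active.Load(sha256.Sum256([]byte(tok)))
	return stored && err == nil && json.Unmarshal(raw, &c) == nil && now.Unix() < c.Exp
}

func main() {
	s, key := &TokenStore{}, []byte("constructed-demo-key")
	tok := s.Issue(key, "alice", time.Now().Add(time.Hour))
	s.Revoke(tok)
	fmt.Println("accepted after logout:", s.Authorize(key, tok, time.Now()))
}
```

The store lookup adds one round trip per request, and entries can be given a TTL equal to the token's remaining lifetime so the store does not grow without bound.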

Hello @StephanDollberg,

What @Stunkymonkey said basically.

Best, Roman

ruseinov, Feb 15 '19 18:02