jwt-auth

jwt-auth copied to clipboard

Max-Age in setCredentialsOnResponseWriter function

1

// tokens are in cookies // note: don't use an "Expires" in auth cookies bc browsers won't send expired cookies? authCookie := http.Cookie{ Name: a.options.AuthTokenName, Value: authTokenString, Path: "/", //...

decozo150

Nil pointer reference, if refreshtoken is expired or not sent with request

2

Hello there Although this is a quite unlikely scenario, the auth.Handler will panic, caused by [line 412 in `auth.go`](https://github.com/adam-hanna/jwt-auth/blob/develop/jwt/auth.go#L412), if the refresh token is not sent with the request. Maybe...

iwyg

Tokens in Context

1

It would be useful to have AuthToken, RefreshToken, X-Csrf-Token and expiration in the request.Context(). This is useful if you need to send tokens in request body or do something else...

areYouLazy

Invalidation of cookies does not work

1

Hi there In the [`NullifyTokens()`](https://github.com/adam-hanna/jwt-auth/blob/develop/jwt/auth.go#L378) func you want to delete / invalidate the [`authCookie`](https://github.com/adam-hanna/jwt-auth/blob/develop/jwt/auth.go#L391) and [`refreshCookie`](https://github.com/adam-hanna/jwt-auth/blob/develop/jwt/auth.go#L401). Unfortunately this does not work if the cookie has no value for the path...

nItroFreeZer