Optional JWT token?

[cbarraford]

I've forked this repo and added a function to make having a JWT token optional, which leaves it up to the code downstream to determine if authentication is needed. I did this because I'm using graphql, which has a single API endpoint for all API functionality. Since some of my graphql functions require authentication and some do not, I wanted to leave it up to the functions to enforce what its individual requirements are (both authentication and authorization).

Is this a feature this repo would like to have? I'll open a PR if its something the maintainers would like to have.

[cbarraford]

alternatively, the other way you can solve this problem within graphql (instead of making changes to this code base), you can create two graphql endpoints, one auth'ed and one without auth. I personally, don't like the idea of needing to build two graphql endpoints (it goes against one of the core concepts of graphql of the path of the url not being meaningful).

[twellick]

We are using GraphQL aswell with optional authentication. This would be cleanest way to solve it while keeping a single GraphQL endpoint.

Thoughts? @appleboy

[cliedeman]

authMiddleware := authMiddleware.MiddlewareFunc()

r.Use(func(ctx *gin.Context) {
	// Only execute auth if header present
	if _, ok := ctx.Request.Header["Authorization"]; ok {
		authMiddleware(ctx)
	}
})

Seems to work.

[colmex]

authMiddleware := authMiddleware.MiddlewareFunc()

r.Use(func(ctx *gin.Context) {
	// Only execute auth if header present
	if _, ok := ctx.Request.Header["Authorization"]; ok {
		authMiddleware(ctx)
	}
})

Seems to work.

@cliedeman This worked for me! Thanks!