go-zero
bug: when a jwt payload defined key is in the reserved claims, middleware Context().Value will not work
when defining a jwt payload, and its key in
The JWT specification defines seven reserved claims that are not required, but are recommended to allow interoperability with third-party applications. These are:
iss (issuer): Issuer of the JWT
sub (subject): Subject of the JWT (the user)
aud (audience): Recipient for which the JWT is intended
exp (expiration time): Time after which the JWT expires
nbf (not before time): Time before which the JWT must not be accepted for processing
iat (issued at time): Time at which the JWT was issued; can be used to determine age of the JWT
jti (JWT ID): Unique identifier; can be used to prevent the JWT from being replayed (allows a token to be used only once)
For example, a payload eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkb21haW4iOiI2MmM1NDU1ZWEwMDFmNzgyZTQzY2MxYmYiLCJleHBpcmF0aW9uIjoxNjU3MTY3MjM4LCJzdWIiOiJtYW5hZ2VyIiwidXNlcl9pZCI6IjYyYzQwZTdhZmI1YzMxZDlkZTljYWRlNCJ9.oLwuKAC1Gq7kQIKy-VePHo_E4HgmF_NBq9V6qbdIaC4 which decoded is:
{
  "domain": "62c5455ea001f782e43cc1bf",
  "expiration": 1657162133,
  "sub": "manager",
  "user_id": "62c40e7afb5c31d9de9cade4"
}
cannot get the sub value from middleware via request Context().Value("sub")
I looked at go-zero's wrapping of the jwt code and the 7 reserved declarations of jwt were ignored, here is the source code
@kevwan @anqiansong is it necessary to keep the 7 reserved declarations of jwt? For what case?
Because it's not user-defined data.
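The behaviour discussed in this thread, as an added sketch (not go-zero's source and not code posted by any participant): the claims of the token quoted in the issue are copied into a `context.Context` while the seven reserved names are skipped. The helper names `decodeClaims` and `claimsToContext` are hypothetical, and the payload is decoded without signature verification purely for illustration.

```go
package main

import (
	"context"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// reserved holds the seven reserved claim names listed in the issue.
var reserved = map[string]bool{"iss": true, "sub": true, "aud": true,
	"exp": true, "nbf": true, "iat": true, "jti": true}

// token is the JWT quoted in the issue, split at its two dots.
const token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." +
	"eyJkb21haW4iOiI2MmM1NDU1ZWEwMDFmNzgyZTQzY2MxYmYiLCJleHBpcmF0aW9uIjoxNjU3MTY3MjM4LCJzdWIiOiJtYW5hZ2VyIiwidXNlcl9pZCI6IjYyYzQwZTdhZmI1YzMxZDlkZTljYWRlNCJ9" +
	".oLwuKAC1Gq7kQIKy-VePHo_E4HgmF_NBq9V6qbdIaC4"

// decodeClaims (hypothetical helper) decodes the payload only; real middleware verifies the signature first.
func decodeClaims(tok string) (map[string]any, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("want 3 segments, got %d", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	claims := map[string]any{}
	return claims, json.Unmarshal(raw, &claims)
}

// claimsToContext (hypothetical) copies only non-reserved claims, using string keys as in Context().Value("sub").
func claimsToContext(ctx context.Context, claims map[string]any) context.Context {
	for k, v := range claims {
		if reserved[k] {
			continue // reserved claim: not treated as user-defined data
		}
		ctx = context.WithValue(ctx, k, v)
	}
	return ctx
}

func main() {
	claims, err := decodeClaims(token)
	ctx := claimsToContext(context.Background(), claims)
	fmt.Println(err, ctx.Value("sub"), ctx.Value("user_id"))
}
```

Under this model, identity data that a handler reads through `Context().Value` has to travel under a non-reserved key, as `user_id` does here.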