Refactor JWT to use around_action when needed instead of middleware used with every request #1744
Comments
As far as I can tell, this middleware is actually not needed at all anymore in So the only reason we’d want to hold on to the middleware is to maintain compatibility with apps that rely on the JWT values being parsed into environment variables, e.g. Considering that, I’d propose a simple solution:
I don't see a need for a new controller concern to hold the old middleware logic, since:
Hey Daniel! I like your suggestion of making this a configurable option. I think for minimal friction backwards compatibility, we should make it an opt-out configuration. The downside to this is the confusing language with the double negatives, but I think that's worth making version upgrades easier for 3rd party apps. Open to other suggestions as well.
Agreed that we no longer need the JWT middleware. The good news is we have already signaled that JWT middleware is deprecated and is set to be deleted with the next major release version 23.0. Seeing as we have it firing deprecation warnings already, I recommend we remove it from the codebase rather than keeping it as a configurable option with the next major release.
Just to clarify, we're only deprecating the ShopifyAPP::JWT class that's responsible for decoding and validating the token and not the middleware itself. That deprecation is to unify to a single parser class ShopifyAPI::JtwPayload. The JWT middleware still uses the ShopifyAPI::JtwPayload to decode the token.
Overview/summary
We currently use a JWT middleware to parse the JWT for every request that is made to a Rails app that uses this gem. For actions that don't need to make API calls to Shopify we are still spending time logging and trying to parse a token that doesn't exist. For applications that have a large amount of traffic, this inefficiency adds up.
We should explore moving that logic to our controller concerns as part of an around_action or before_action filter so we only parse JWT when we know it'll be there.
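A plain-Ruby model of the two placements discussed in this issue, added here as an illustration and not code from the gem or from Rails: it counts parse attempts when the token is decoded for every request versus only inside actions that expect one, and shows the filter placement rejecting forged, expired and missing tokens. It assumes an HS256 token signed with a shared secret; `SECRET`, `App`, the route names and the helper functions are hypothetical.

```ruby
require "openssl"
require "json"

SECRET = "constructed-secret" # constructed sample value, not a real app secret

def b64e(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end
def b64d(str) # strict decode; raises ArgumentError on malformed input
  (str + "=" * (-str.length % 4)).tr("-_", "+/").unpack1("m0")
end

# Build an HS256 token; used here only to construct sample input.
def encode_jwt(claims, secret)
  input = "#{b64e(JSON.generate({ "alg" => "HS256" }))}.#{b64e(JSON.generate(claims))}"
  "#{input}.#{b64e(OpenSSL::HMAC.digest("SHA256", secret, input))}"
end

# Return verified claims, or nil when the token is missing, forged or expired.
def decode_jwt(token, secret, now: Time.now.to_i)
  header, payload, sig = parts = token.to_s.split(".", -1)
  return nil unless parts.size == 3 && JSON.parse(b64d(header))["alg"] == "HS256"
  expected = OpenSSL::HMAC.digest("SHA256", secret, "#{header}.#{payload}")
  return nil unless OpenSSL.secure_compare(b64d(sig), expected)
  claims = JSON.parse(b64d(payload))
  claims if claims["exp"].is_a?(Integer) && claims["exp"] > now
rescue ArgumentError, JSON::ParserError, TypeError, NoMethodError
  nil
end

# :middleware parses on every request; :filter only where a token is expected.
class App
  PROTECTED = ["/api/products"].freeze # hypothetical route
  attr_reader :parse_attempts

  def initialize(mode)
    @mode = mode
    @parse_attempts = 0
  end
  def call(path, token = nil)
    claims = parse(token) if @mode == :middleware
    return [200, "ok"] unless PROTECTED.include?(path)
    claims = parse(token) if @mode == :filter
    claims ? [200, claims["sub"]] : [401, "invalid token"]
  end
  def parse(token)
    @parse_attempts += 1
    decode_jwt(token, SECRET)
  end
end
```

Whichever placement is used, the protected action has to fail closed when no verified claims are present; moving the parse changes how often it runs, not whether the check is enforced.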