-
-
Notifications
You must be signed in to change notification settings - Fork 64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support JWT custom claims #138
Comments
Hello and thank you for your proposal! I was planning on adding a Can you elaborate on how you planned on implementing this feature? I think this would be a great addition. Do you need your JWT in other applications? You probably don't need to add anything else than the ID of the user since the authenticator will fetch the user for you in the database, so I'm not sure a struct tag |
Adding
It can be used for e.g. to put user first and last name to the token, so when the user is logged in I can simply look into the token and display his name in the header menu (e.g. avatar button on github, there is What I proposed was mainly front-end related to just read the token and not call APIs, may be improvement for some people, but I agree that in this case separate function may be better approach. |
I understand your use-case. The best approach would be to implement your own Login handler and use this new Maybe we could add some features to the jwtController := auth.NewJWTController()
jwtController.TokenFunc = func(r *goyave.Request, user interface{}) (string, error) {
return auth.GenerateTokenWithClaims(jwt.MapClaims{
"name": user.(*model.User).Name
})
} |
Yeah, I think it's good idea, while leaving the default as it is currently. Then we don't have any breaking changes. |
If you are still interested in the implementation of this, please let me know! Any contribution is very much welcome! |
Yes, I'm interested ;) |
Proposal
I propose to support custom claims in the generated JWT token.
The user fields to be included as claims could be specified by adding
auth:"jwtInclude"
(to follow currentauth
prefix).This would allow people putting custom information in the token, e.g. when thinking about username, some additional name fields or permissions (I saw you're planning support in the future).
Possible drawbacks
By default - none, if someone uses too many fields then the token will be heavy, but that's up to user of the framework.
Additional information
I think I can handle this contribution if you agree.
The text was updated successfully, but these errors were encountered: