User JWT standard claims #102
Conversation
|
I totally second this, I think this is a good idea since it could encourage people who are just getting into JWT to use the standard conventions. Also we must consider that dgrijalva/jwt-go —the library used— includes built-in validation for some StandardClaims like exp so the Valid() method in JWTAccessClaims may be redundant because it's already being validated when the JWT is parsed if you use the jwt.StandardClaims. It really depends on how the Valid() method is used by the authorization server so I can't say much more without digging deeper into the code but if the server first calls the Valid() method and then parses it with the library (or the other way around), it would be validating the token twice (again, just if you're using the jwt.StandardClaims), it's not a super expensive op but still redundant. |
|
Oh, I didn't expect to get it merged so soon as it was only a draft PR. The tests should be updated too (I'm currently trying to setup the test pipeline locally to validate it) |
No description provided.