Skip to content
This repository has been archived by the owner on May 24, 2023. It is now read-only.

Allow Header Extraction without AuthScheme #103

Closed
JEreth opened this issue Oct 26, 2022 · 3 comments
Closed

Allow Header Extraction without AuthScheme #103

JEreth opened this issue Oct 26, 2022 · 3 comments

Comments

@JEreth
Copy link
Contributor

JEreth commented Oct 26, 2022

We used Fiber in a use case where we get a JWT token in a custom header field from an auth platform like this

{
x-custom-jwt: <mytoken>
}

It seems like can not extract this structure via the fiber JWT middleware as it expects a auth scheme and if not given it crops the first character of the key as it expecs <AuthScheme> <Token>.

See:

jwt/jwt.go

Line 39 in 1a9806c

return auth[l+1:], nil

Suggestion: Either we check if AuthScheme is empty or we trim the token and do not crop with +1

@JEreth JEreth closed this as not planned Won't fix, can't repro, duplicate, stale Oct 26, 2022
@JEreth JEreth reopened this Oct 26, 2022
JEreth added a commit to JEreth/jwt that referenced this issue Oct 26, 2022
When we have an empty AuthScheme we accidently crop the first character as it usually has a space. This PR suggest to trim the token instead of cropping with + 1
@efectn efectn closed this as completed Oct 26, 2022
@efectn efectn reopened this Oct 26, 2022
@efectn
Copy link
Member

efectn commented Oct 26, 2022

Sorry 😅

@JEreth
Copy link
Contributor Author

JEreth commented Oct 26, 2022

I added a PR: #104

ReneWerner87 added a commit that referenced this issue Nov 20, 2022
#103 Allow Header Extraction without AuthScheme #103
@ReneWerner87
Copy link
Member

solved with #104

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants