forked from bketelsen/goa-middleware
doc.go
/*
Package jwt makes it possible to authorize API requests using JSON Web Tokens,
see https://jwt.io/introduction/

Middleware

The package provides a middleware that can be mounted on controllers that require authentication.
The JWT middleware is instantiated using the package Middleware function. This function accepts
a specification that describes the various properties used by the JWT signature and validation
algorithms.

	spec := &jwt.Specification{
		AllowParam:       false,      // Pass tokens in headers only
		AuthOptions:      false,      // Do not authorize OPTIONS requests
		TTLMinutes:       1440,       // Tokens are valid for 24 hours
		Issuer:           "me.com",   // me.com issued the token
		KeySigningMethod: jwt.RSA256, // Use the RSA256 signature algorithm to sign tokens
		SigningKeyFunc:   privateKey, // privateKey returns the key used to sign tokens
		ValidationFunc:   pubKey,     // pubKey returns the key used to validate tokens
	}
	authorizedController.Use(jwt.Middleware(spec))

Token Manager

The package also exposes a token manager that creates the JWT tokens. The manager is instantiated
using the same specification used to create the middleware:

	var tm *jwt.TokenManager = jwt.NewTokenManager(spec)

	func Login(ctx *goa.Context) error {
		// ...
		// Authorize request using ctx, initialize tenant id if necessary etc.
		// ...
		claims := map[string]interface{}{
			"accountID": accountID,
		}
		token, err := tm.Create(claims)
		if err != nil {
			return err
		}
		return ctx.Respond(200, token) // You'll probably need something different here
	}
*/
package jwt
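
The specification above fixes a signing method, an issuer and a TTL. As an added example (not code from this package), here is a standard-library sketch of the checks a validator has to make for such a token: pin the header's `alg` to RS256, verify the signature with the public key, then enforce `iss` and `exp`. The names `sign`, `verify` and `demoKey`, the claim layout and the clock values are assumptions constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key, constructed for this example

// sign issues a constructed RS256 token (hypothetical helper, not the package's TokenManager).
func sign(key *rsa.PrivateKey, header, claims string) string {
	in := b64.EncodeToString([]byte(header)) + "." + b64.EncodeToString([]byte(claims))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig)
}

// verify pins alg to RS256, checks the signature, then iss and exp; now is Unix seconds.
func verify(tok string, pub *rsa.PublicKey, iss string, now int64) error {
	h, rest, _ := strings.Cut(tok, ".")
	c, s, ok := strings.Cut(rest, ".")
	hb, e1 := b64.DecodeString(h)
	cb, e2 := b64.DecodeString(c)
	sig, e3 := b64.DecodeString(s)
	sum := sha256.Sum256([]byte(h + "." + c))
	var hdr, cl struct{ Alg, Iss string; Exp int64 } // decoded header and claims, kept separate
	switch {
	case e1 != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "RS256":
		return fmt.Errorf("bad header or unexpected signing algorithm")
	case !ok || e3 != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil:
		return fmt.Errorf("signature mismatch")
	case e2 != nil || json.Unmarshal(cb, &cl) != nil || cl.Iss != iss:
		return fmt.Errorf("invalid claims or wrong issuer")
	case now >= cl.Exp: // a missing exp decodes as 0 and is rejected
		return fmt.Errorf("token expired")
	}
	return nil
}

func main() {
	tok := sign(demoKey, `{"alg":"RS256","typ":"JWT"}`, `{"iss":"me.com","exp":86400}`) // issued at t=0, 1440-minute TTL
	fmt.Println(verify(tok, &demoKey.PublicKey, "me.com", 0), verify(tok, &demoKey.PublicKey, "me.com", 86400))
}
```

The claims are parsed only after the signature check passes, so unauthenticated input never reaches the issuer and expiry logic.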