Remove unneeded/duplicate jwt middleware in favor of https://github.com/labstack/echo-jwt

[bakatz]

I was looking at one of my projects and realized there was an old JWT library reference in there. Then I realized that echo still uses some old version of the jwt middleware baked into the echo repo, while simultaneously noting that https://github.com/labstack/echo-jwt is the officially supported jwt middleware library.

Problem: I think this is a confusing strategy - why not just recommend the use of https://github.com/labstack/echo-jwt instead of having 2 separate jwt middlewares, one baked into the echo lib itself with an old version of the jwt lib?

This PR removes the old jwt middleware with an old version of golang-jwt and updates dependencies.

I would recommend a minor or major version bump and just ask people to use the echo-jwt library as it uses the latest JWT version and is otherwise exactly the same code.

[bakatz]

@aldas it looks like you might have been the creator of the echo-jwt repo. Curious for your thoughts on this PR - did I miss anything or does this seem reasonable to merge?

[aldas]

We can not remove JWT middleware from this repo due backwards compatibility promises we are trying to keep. https://github.com/labstack/echo-jwt was created just for this reason - we could do these kind of changes.

I do not remember exactly but I think seeing linters/checks warning about deprecation notices like

echo/middleware/jwt.go

Line 158 in 77d5ae6

// Deprecated: Please use https://github.com/labstack/echo-jwt instead

at least Jetbrains Goland IDE is doing this.

[bakatz]

@aldas
Ok, got it - thank you for the quick response. I still think an exception should be made in this case for the following reasons:

• VSCode (I'm not sure about market share but it must be in the top 5) doesn't honor the above deprecation warning/I had no idea. There's nothing clearly visible to me as the developer that indicates this is deprecated when I'm adding middleware.
• Similar to the above point: it's really easy to accidentally use the old version of the JWT lib. If you don't explicitly add an import with an alias to the new jwt middleware lib, you might end up using this old version that could have a security hole of some kind. Okay, to be fair, I don't think there are any known security holes with 3.2.2 in the wild at the moment - so maybe a bit of a moot point - but it's better to always keep security related libraries up-to-date.
• The change should be straightforward for people to make and should only occur if people decide to upgrade echo to the latest major or minor version (whatever you all choose, maybe a major version bump is more appropriate). The input to the library and the behavior based on the tests seems to be the same, so it would just be a matter of go get newversion && go mod tidy

Let me know what you think

EDIT: my first 2 points are somewhat mitigated - seems like after restarting vs code it recognized the deprecated method, behavior seems to be flaky though.