No scheme?

[spacesuitdiver]

Is it possible to specify no scheme and have passport-jwt just match the contents of Authorization header and/or configure the header? It's not really possible to accurately use this plugin with Swagger's security credentials object with this requirement.

[mikenicholson]

From issue #20

I based the need to specify an auth-scheme based on RFC2617 "HTTP Authentication: Basic and Digest Access Authentication" section 1.2. This RFC specifies that the credentials supplied in the Authorization header take the format

credentials = auth-scheme #auth-param

Based on my reading of the RFC it does not appear that the auth-scheme can be considered optional.

For this implementation I'm going to stick with the RFC. I'm planning to overhaul how the JWT is parsed from the request in a 2.0.0 release in the near future. In the new version you will be able to provide a function which accepts a request and returns a JWT so client code has complete control with how the JWT is provided. Existing functionality will be baked into some commonly use retrieval functions that will be provided wit the strategy.

[mikenicholson]

The apiv2 branch is up. This branch uses a function to extract the JWT from the request allowing the user to pass the request any way they want If you want to try it out and provide feedback you can change the dependency in your package.json to match the following:

  "dependencies": {
    "passport-jwt": "git+https://github.com/themikenicholson/passport-jwt.git#apiv2"
  },

Looking forward to feedback and suggestions on the new api before I release it.

[mikenicholson]

The v2.0.0 release is complete. This should now be possible through custom extractor functions. Closing.