Comments (6)
Yes, I'm interested ;)
from goyave.
Hello and thank you for your proposal! I was planning on adding a auth.GenerateTokenWithClaims()
function in the near future, which would let you add custom claims.
Can you elaborate on how you planned on implementing this feature? I think this would be a great addition.
Do you need your JWT in other applications? You probably don't need to add anything else than the ID of the user since the authenticator will fetch the user for you in the database, so I'm not sure a struct tag auth:"jwtInclude"
would be really useful (and it would require some reflection).
from goyave.
I was planning on adding a auth.GenerateTokenWithClaims() function in the near future, which would let you add custom claims.
Can you elaborate on how you planned on implementing this feature? I think this would be a great addition.
Adding auth.GenerateTokenWithClaims()
would help, my plan was simply not to introduce additional functions, but it actually may be better to do so to not use reflection too much. The idea was to add auth:"jwtInclude"
annotation to the fields from the User struct which should be added to the token, then get this values from the user object and simply put them as claims, but as you already said, this would require reflection to get the fields annotations and may slow things down.
Do you need your JWT in other applications? You probably don't need to add anything else than the ID of the user since the authenticator will fetch the user for you in the database, so I'm not sure a struct tag auth:"jwtInclude" would be really useful (and it would require some reflection).
It can be used for e.g. to put user first and last name to the token, so when the user is logged in I can simply look into the token and display his name in the header menu (e.g. avatar button on github, there is Signed in as <nickname>
text) without the need to execute a call to /users/me
(or some similar route). But it's not critical. The authenticator fetching the user object is really great feature and implementing such /me
endpoint is not a big hassle with that.
What I proposed was mainly front-end related to just read the token and not call APIs, may be improvement for some people, but I agree that in this case separate function may be better approach.
from goyave.
I understand your use-case. The best approach would be to implement your own Login handler and use this new GenerateTokenWithClaims()
function to add everything you need, instead of using the built-in JWTController
. But re-implementing that is quite a bit of work and produces duplicate code.
Maybe we could add some features to the JWTController
to make it more flexible. What would you think about something like this?
jwtController := auth.NewJWTController()
jwtController.TokenFunc = func(r *goyave.Request, user interface{}) (string, error) {
return auth.GenerateTokenWithClaims(jwt.MapClaims{
"name": user.(*model.User).Name
})
}
from goyave.
Yeah, I think it's good idea, while leaving the default as it is currently. Then we don't have any breaking changes.
from goyave.
If you are still interested in the implementation of this, please let me know! Any contribution is very much welcome!
from goyave.
Related Issues (20)
- CORS options not working on subrouters
- Migrate from dgrijalva/jwt-go to golang-jwt/jwt
- Validating arrays of objects
- "exists" validation rule
- Validation "Required if" HOT 2
- Validation rules composition
- Validation date before/after now
- Instances HOT 8
- Allow raw SQL query in Paginator
- go-sqlmock integration
- Adapt framework to DB views
- Don't force test env in test suites
- HTTP cache implementation as middleware HOT 2
- Post-validation hook
- Validation context: access to request object
- Http Client for goyave HOT 6
- response.Error() doesn't take response status into account in debug mode
- Validation made for autocomplete HOT 3
- Exists/Unique validation rule panics when input type doesn't match database column type HOT 1
- Panic when parsing multipart form with an empty file HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from goyave.