Separate verification into its own function #396
Conversation
Signed-off-by: Nathanael DEMACON <[email protected]>
|
Maybe a trivial question, but can't you do this logic inside the keyfunc? You have access to the |
|
I sometimes only parse the JWT to speedup the process when it comes from a fully trusted source (from internal code). I could duplicate some code to make it work but separating the functions costs nothing and fits my use-case. |
We are extremely careful about introducing new public functions because we need to maintain them in a way that we cannot break their function signature for quite a long time (since we tend to stick with major versions for quite a while). So yes, separating these functions actually does costs something: the time of a maintainer ;) We intentionally did not expose any of these functions to not confuse people who might not be as experienced as you and might be confused, whether a simple As a bare minimum this function needs a godoc string and we probably would need to have an additional though about its function signature, because as I said before we need to stick with it for quite a while. |
|
any though on this @mfridman ? |
|
Yeah I'm okay with this. Needs a godoc comment though. |
| return p.VerifyToken(token, parts, claims, keyFunc) | ||
| } | ||
|
|
||
| func (p *Parser) VerifyToken(token *Token, parts []string, claims Claims, keyFunc Keyfunc) (*Token, error) { |
There was a problem hiding this comment.
@quantumsheep Can you supply a good for this function? Then we can accept the merge.
Hello!
I have this use-case where I want to parse the JWT, fetch the secret elsewhere and then verify the JWT.
The current available functions forces me to parse the JWT another time. I want to validate the token, not parse it again.
Thanks,