token strategy/pkg docs #43

Open
shaj13 opened this issue Aug 5, 2020 · 8 comments
Labels
documentation Improvements or additions to documentation good first issue Good for newcomers

Comments

@shaj13
Owner

shaj13 commented Aug 5, 2020

Tasks:

  • add docs to token strategy (godoc)
  • add links to the readme (api-key, bearer, x-header)
@shaj13 shaj13 added good first issue Good for newcomers documentation Improvements or additions to documentation labels Aug 5, 2020
@briwagner
Contributor

Hey, I just stumbled on this project and was going to begin using it for a personal site. Are you still looking for assistance on this issue?

I realize this is a result of the changes from version 1.x to 2.x. My understanding is that the bearer type is being deprecated, and the walkthrough (https://medium.com/@hajsanad/authentication-in-golang-using-go-guardian-b1cd47da47a0) isn't valid for version 2.x.

I glanced at the _example/ directory and didn't see an entry for token. I'm not sure if that is part of the work required here, or something else. Please let me know if I can help with some of the docs, examples here.

Thanks,
Brian

@shaj13
Owner Author

shaj13 commented Feb 24, 2021

@briwagner
First of all, thank you for reaching out.
FYI, we moved to v2 for more scalability and maintenance.
IIRC, https://github.com/shaj13/go-guardian/tree/master/_examples/basic_bearer covers the token and basic strategies; maybe we need to rename the folder.
Honestly, I will be glad if you could assist.
I would like to start from the readme so we can welcome users and navigate them in the right direction while explaining the project.
Let me know what you think.

@briwagner
Contributor

Yes, I'm happy to help where you think it's needed. Let me know what is most helpful at this point, and I will try to suggest some changes.

I agree: it may be simply renaming the folder in _examples/, to "token". When I looked initially I was confused there was no entry for token. I expected the folder list for auth/strategies/ to match _examples/. Just my initial expectation.

My use case was basic and JWT token, so that's something I'm comfortable with. I don't have experience with the other strategies.

But let me know what you have in mind for expanding the README, and if I can help. Just as a comparison, I see how netlify/gotrue walks through more of the details for each method, and has more code examples. Maybe too many? It's almost a bit of info overload, but if you know what you're looking for in there, it can be helpful.

@shachardevops

Hello, I started to use this package yesterday.
I have a little question, related to the JWT Strategy - what if I want to change the ID to the user ID

func setupGoGuardian() {
	keeper = jwt.StaticSecret{
		ID:        "TEST", // <-- this ID
		Secret:    []byte("JWTSecret"),
		Algorithm: jwt.HS256,
	}
	cache := libcache.FIFO.New(0)
	cache.SetTTL(time.Minute * 5)
	cache.RegisterOnExpired(func(key, _ interface{}) {
		cache.Peek(key)
	})
	basicStrategy := basic.NewCached(validateUser, cache)
	jwtStrategy := jwt.New(cache, keeper)
	middlewares.Strategy = union.New(jwtStrategy, basicStrategy)
}

My problem is: The ID is dynamic and based on the user from the DB.
How can I achieve this?

@shaj13
Owner Author

shaj13 commented Mar 9, 2021

@shachardevops
StaticSecret.ID is used for the JWT kid header, so when the token comes back we can validate it with the correct secret.
PTAL https://tools.ietf.org/html/rfc7515#section-4.1.4

Basically, a secure system rotates the JWT signing key every X interval, while StaticSecret is meant to always return the same key,
so we support both static and rotated keys.
For a rotation example, see https://play.golang.org/p/5N-5fWa0mfN.

Regarding the user ID, it's supported, but the examples use a hardcoded one for simplicity, so you can build the user object from the DB and pass it to IssueAccessToken.
One thing is for sure: you can use the default user with Extensions to add extra properties,
or take the hard way and implement a user info interface.
PTAL https://github.com/shaj13/go-guardian/blob/master/auth/strategies/jwt/token_test.go#L91
e.g. https://play.golang.org/p/lFTf6yIYBUT

Please create a different issue for further questions;
I would like to keep this one for docs.
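
The kid mechanism described in the comment above, as an added example that is not part of the thread and not go-guardian's code: it uses only the Go standard library, and the names seal, sign, verify, the keys map, the key IDs k1/k2 and the secrets are constructed for illustration. It shows that kid selects the verification secret while the user ID travels separately, here assumed to be in the sub claim.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// seal appends the HS256 signature segment to "header.payload".
func seal(secret []byte, msg string) string {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(h.Sum(nil))
}

// sign: kid names the signing key; the user ID travels in the sub claim.
func sign(kid string, secret []byte, userID string) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "HS256", "kid": kid})
	body, _ := json.Marshal(map[string]string{"sub": userID})
	return seal(secret, b64.EncodeToString(hdr)+"."+b64.EncodeToString(body))
}

// verify picks the secret by the kid header, checks the MAC, returns sub.
func verify(keys map[string][]byte, token string) (string, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	var hdr, claims struct{ Alg, Kid, Sub string }
	h, _ := b64.DecodeString(p[0]) // a bad segment fails the JSON or MAC check below
	c, _ := b64.DecodeString(p[1])
	if json.Unmarshal(h, &hdr) != nil || json.Unmarshal(c, &claims) != nil || hdr.Alg != "HS256" {
		return "", fmt.Errorf("bad header, payload or algorithm")
	}
	secret, ok := keys[hdr.Kid] // kid identifies the key, not the user
	if !ok || !hmac.Equal([]byte(token), []byte(seal(secret, p[0]+"."+p[1]))) {
		return "", fmt.Errorf("unknown kid or bad signature")
	}
	return claims.Sub, nil
}

func main() {
	keys := map[string][]byte{"k1": []byte("constructed-old"), "k2": []byte("constructed-new")}
	fmt.Println(verify(keys, sign("k1", keys["k1"], "user-42")))
}
```

Rotation under this scheme means adding a new kid to the map and signing with it; a token signed under an older kid keeps verifying until that entry is deleted, after which it is rejected.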

@shaj13
Owner Author

shaj13 commented Mar 12, 2021

@briwagner
Awesome, let's start by reorganizing the examples:
split basic_bearer into basic and token.
The token example can use basic, similar to the jwt example.

Regarding the README, maybe something similar to cobra, what do you think?

@shaj13
Owner Author

shaj13 commented Mar 12, 2021

@briwagner created an issue for example #104, feel free to take it.

@briwagner
Contributor

Meant to follow up on this: I'm adding a PR for #104

3 participants