Authenticator and PrivateKey should not be required by default
renta opened this issue · 1 comments
Authenticator function and private key are required now if you want to use this middleware in a Gin project. But sometimes your application does not issue JWT-tokens, refresh and destroy them (especially in a microservice architecture where this functions usually do a separate service), but only needs an ability to read the token and extract claims from it. In such a case you just should provide a public file and encryption algorithm name. For example, Echo framework jwt-middleware could be created with only public key and algo name (see https://echo.labstack.com/middleware/jwt/):
jwtConfig := middleware.JWTConfig{
SigningKey: publicKey,
SigningMethod: jwt.SigningMethodRS256.Name,
}
I believe that this middleware also should require only minimum for tokens parsing.
This task could be done with such a middleware: https://gist.github.com/renta/e6c3a67f40a3a8edd251c8c804293c7e