Where should I give the secret on validation?
elgs opened this issue ยท 8 comments
In the validation example here https://github.com/cristalhq/jwt/blob/master/example_validate_test.go, it seems I didn't see any where to provide the secret/password on validation?
Hi, this can be done via https://godoc.org/github.com/cristalhq/jwt#Signer (See Verify method). Signing and verifying token is a pure Signer task.
Thanks. It looks like I confused validate and verify. Would be great if you could add a few examples in the readme.md, like:
- how to turn a JSON string into a jwt string;
- how to verify a jwt string;
As a user, we don't want to mess with your internal types, unless necessary, in most cases, we start with a raw JSON string, and we expect a jwt string, and for verification, we start with a jwt string and a string typed secret, and expect a boolean answer.
ok, sounds good, will try to fix today, thank you for the feedback ๐
Thank you so much! Last question, it would be great if you could put an example of verify in the readme.md.
@elgs but there is already a full example in example files (there are links in README.md)
The links only says build, parse, validate in the README.md, with your instruction, I figured how to get things done. There are two types of people:
- if there's example in the code, why would I bother to write them in README.md;
- if I could put examples in README.md, why would I bother users to read the code;
I fully respect each of styles. So it's fine to keep the examples in the code. Thank you so much!
I prefer 1 just to reduce copy-paste and for an easier example/test/code maintainability. BTW, I got your point, will push slightly updated README now.
Thanks once more for the feedback ๐