feat: Handler to check azp claim #247

Merged
merged 1 commit into from
Feb 15, 2024

@gkats gkats commented Feb 14, 2024

The JWT verification function accepts a handler that can be used to validate the 'azp' claim of the token.

The WithHeaderAuthorization middleware accepts either a handler or a list of authorized parties that must contain the 'azp' claim.

You can use the option in two ways.

```go
func checkAZP(azp string) bool {
  // do whatever you want with the azp claim
  return azp == "clerk.com" // placeholder check so the function compiles
}

WithHeaderAuthorization(AuthorizedParty(checkAZP))
// OR
// This will check that the 'azp' claim is one of the provided values
WithHeaderAuthorization(AuthorizedPartyFunc("clerk.com", "clerk.dev"))
```

@gkats gkats requested a review from a team as a code owner February 14, 2024 12:50
return nil
}
}

// AuthorizedPartyFunc registers a handler that checks that the
// 'azp' claim's value is included in the provided parties.
func AuthorizedPartyFunc(parties ...string) func(string) bool {
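Review bot: The doc comment on AuthorizedPartyFunc says it "registers a handler", but the signature returns a func(string) bool and registers nothing itself; suggest wording it as "returns a handler that reports whether the 'azp' claim's value is one of parties". The comment should also state what the returned function does when parties is empty and whether the comparison is an exact string match, because an empty list that accepted any value would leave the check in place but ineffective.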

As discussed in Slack, this personally confuses me.

Maybe a naming that conveys what it does (check containment in list) instead of a name that coincides with the param below.


@yourtallness I made a couple of changes in a23a391

  • Renamed the verification parameter from AuthorizedPartyFunc to AuthorizedPartyHandler
  • Renamed the option helper in the middleware from AuthorizedPartyFunc to AuthorizedPartyMatches

Please let me know what you think, thanks!


This is an improvement.

The ideal UX would probably automatically call the default matcher if no handler is provided, but I understand this may be impractical.

So, approving AFAIAC.
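
An added example, not code from this pull request or the SDK: a list matcher of the kind discussed in the thread, with the behaviour for an empty list, a missing 'azp' claim and a nil handler made explicit. The names `azpMatches`, `checkTokenAZP` and `constructedToken` are hypothetical, the token is constructed, and signature verification is assumed to have happened already.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// azpMatches (hypothetical name) returns a handler that accepts an 'azp'
// value only on an exact match; an empty list or empty claim never matches.
func azpMatches(parties ...string) func(string) bool {
	return func(azp string) bool {
		for _, p := range parties {
			if azp != "" && azp == p {
				return true
			}
		}
		return false
	}
}

// checkTokenAZP runs handler on the 'azp' claim of a compact JWT. It does NOT
// verify the signature; a nil handler fails closed (this example's choice).
func checkTokenAZP(token string, handler func(string) bool) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed token: %d segments", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return fmt.Errorf("payload encoding: %w", err)
	}
	var claims struct{ AZP string `json:"azp"` }
	if err := json.Unmarshal(raw, &claims); err != nil {
		return fmt.Errorf("payload JSON: %w", err)
	}
	if handler == nil || !handler(claims.AZP) {
		return fmt.Errorf("azp %q is not an authorized party", claims.AZP)
	}
	return nil
}

// constructedToken wraps a payload in an unsigned sample token (demo input).
func constructedToken(payload string) string {
	return "e30." + base64.RawURLEncoding.EncodeToString([]byte(payload)) + ".sig"
}

func main() { fmt.Println(checkTokenAZP(constructedToken(`{"azp":"clerk.dev.other.example"}`), azpMatches("clerk.com", "clerk.dev"))) }
```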
