feat: JWT parsing with custom claims #253
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gkats
force-pushed
the
core-1490-custom-claims-func
branch
2 times, most recently
from
b11bc36 to
be62a04
Compare
georgepsarakis
approved these changes
Feb 16, 2024
http/middleware.go
Outdated
| // // custom claims are available in the SessionClaims.Custom field. | ||
| // sessionClaims, ok := clerk.SessionClaimsFromContext(r.Context()) | ||
| // customClaims, ok := sessionClaims.Custom.(*MyCustomClaims) | ||
| func CustomClaimsConstructor(constructor func() any) AuthorizationOption { |
There was a problem hiding this comment.
❓ Would it make sense to pass the request context in the constructor?
Suggested change
| func CustomClaimsConstructor(constructor func() any) AuthorizationOption { | |
| func CustomClaimsConstructor(constructor func(ctx context.Context) any) AuthorizationOption { |
There was a problem hiding this comment.
Yes, but since this goes down to jwt.Verify, the context might not make sense there.
We can have different params for middleware and jwt.Verify though. I'll revise this.
There was a problem hiding this comment.
I was wrong, jwt.Verify does accept a context. 😄
Updated.
There was a problem hiding this comment.
Mostly noted this because it's going to be tough to change afterwards.
There was a problem hiding this comment.
And you were 100% right to do so 🙏 😄
Replaced the CustomClaims parameter with a CustomClaimsConstructor function when verifying a session JWT. The option is also available in the HTTP middleware. The constructor function will be called when the JWT is parsed, producing a new struct instance instead of writing on a single instance. The custom claims will be made available in the SessionClaims.Custom field.
gkats
force-pushed
the
core-1490-custom-claims-func
branch
from
be62a04 to
c803c14
Compare
Merged
This was referenced Aug 28, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Replaced the CustomClaims parameter with a CustomClaimsConstructor function when verifying a session JWT. The option is also available in the HTTP middleware.
The constructor function will be called when the JWT is parsed, producing a new struct instance instead of writing on a single instance.
The custom claims will be made available in the SessionClaims.Custom field.