Description
Checklist
- I agree to the terms within the Auth0 Code of Conduct.
Describe the problem you'd like to have solved
We're using Auth0 for user authentication and authorization of our product, and we're also using the auth0/go-jwt-middleware/v2 and auth0/go-jwt-middleware/v2/validator packages to facilitate the validation of access token origins and properties.
We're using go-kit for our API services, and thus would like to use jwtmiddleware.CheckJWT as an endpoint.Middleware in our endpoints, but are unable to because CheckJWT returns an http.Handler.
Describe the ideal solution
The existing CheckJWT handler could be forked in 2: one that can return a go-kit endpoint.Middleware, and one that returns an http.Handler; wherein the contents of CheckJWT could be abstracted and reused for both handlers. I'd imagine that TokenExtractor abilities would need to be expanded, wherein the token could be pulled from context, as in our case. Or, CheckJWT could call MultiTokenExtractor instead of AuthHeaderTokenExtractor. I may be missing some details here, but this is what I've been thinking.
Alternatives and current workarounds
Right now, we're avoiding using the jwtmiddleware.CheckJWT HTTP handler, because we're not able to use the handler in our endpoint layer. I have recreated the CheckJWT method in a middleware in our codebase that can be pull the token from the passed in context object, and validated manually using ValidateToken, and verifying the returned errors.
Additional context
I'd be happy to take a stab at a POC or initial PR for this, if a community contribution is encouraged here. I'm sure that'd grant me some points towards my quarterly Auth0 Ambassador goals. 😄 🙌
Either way, happy to chat more!