jwt.NewParser as http.ServerBefore instead of endpoint.Middleware

[stampy88]

Hi,

We are using the JWT features of go-kit to do authentication and authorization for our HTTP server and clients. One of the claims from our token is a client identifier. We use this identifier (along with a traceId) in our logs statements to identity the who did what in the logs. We also have a transport.ErrorHandler for logging errors. The problem we are facing is that since the jwt.NewParse is implemented as endpoint.Middleware, the Context that is given to the ErrorHandler does not have the token on it, and therefore our error log messages are missing a clientId. Here is the relevant snippet from http.Server

for _, f := range s.before {
		ctx = f(ctx, r)
	}

	request, err := s.dec(ctx, r)
	if err != nil {
		s.errorHandler.Handle(ctx, err)
		s.errorEncoder(ctx, err, w)
		return
	}

	response, err := s.e(ctx, request)  <--- CONTEXT is altered by JWT here, but not returned
	if err != nil {
		s.errorHandler.Handle(ctx, err)
		s.errorEncoder(ctx, err, w)
		return
	}

	for _, f := range s.after {
		ctx = f(ctx, w)
	}

	if err := s.enc(ctx, w, response); err != nil {
		s.errorHandler.Handle(ctx, err)
		s.errorEncoder(ctx, err, w)
		return
	}

One thought was to change the signature of the ServerBefore to return an error as well, so that you could report errors and offer the JWT functionality in that way, so that the Context is correct for the rest of the ServeHTTP method. I would like to hear you thoughts,

Thanks

[whiteboy19787bm]

Be happy too if I knew howSent from my Verizon, Samsung Galaxy smartphone -------- Original message --------From: dave sinclair <[email protected]> Date: 8/7/20 8:05 AM (GMT-06:00) To: go-kit/kit <[email protected]> Cc: Subscribed <[email protected]> Subject: [go-kit/kit] jwt.NewParser as http.ServerBefore instead of endpoint.Middleware (#1003) Hi, We are using the JWT features of go-kit to do authentication and authorization for our HTTP server and clients. One of the claims from our token is a client identifier. We use this identifier (along with a traceId) in our logs statements to identity the who did what in the logs. We also have a transport.ErrorHandler for logging errors. The problem we are facing is that since the jwt.NewParse is implemented as endpoint.Middleware, the Context that is given to the ErrorHandler does not have the token on it, and therefore our error log messages are missing a clientId. Here is the relevant snippet from http.Server for _, f := range s.before { ctx = f(ctx, r) } request, err := s.dec(ctx, r) if err != nil { s.errorHandler.Handle(ctx, err) s.errorEncoder(ctx, err, w) return } response, err := s.e(ctx, request) <--- CONTEXT is altered by JWT here, but not returned if err != nil { s.errorHandler.Handle(ctx, err) s.errorEncoder(ctx, err, w) return } for _, f := range s.after { ctx = f(ctx, w) } if err := s.enc(ctx, w, response); err != nil { s.errorHandler.Handle(ctx, err) s.errorEncoder(ctx, err, w) return } One thought was to change the signature of the ServerBefore to return an error as well, so that you could report errors and offer the JWT functionality in that way, so that the Context is correct for the rest of the ServeHTTP method. I would like to hear you thoughts, Thanks —You are receiving this because you are subscribed to this thread.Reply to this email directly, view it on GitHub, or unsubscribe.

[stampy88]

any thoughts on this @peterbourgon?