Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement a BearerExtractor #226

Merged
merged 2 commits into from
Aug 19, 2022
Merged

Implement a BearerExtractor #226

merged 2 commits into from
Aug 19, 2022

Conversation

WhyNotHugo
Copy link
Contributor

@WhyNotHugo WhyNotHugo commented Aug 10, 2022

This is a rather common extractor; it extracts the JWT from the HTTP
Authorization header, expecting it to include the "Bearer " prefix.

This patterns is rather common and this snippet is repeated in enough
applications that it's probably best to just include it upstream and
allow reusing it.

This is a rather common extractor; it extracts the JWT from the HTTP
Authorization header, expecting it to include the "Bearer " prefix.

This patterns is rather common and this snippet is repeated in enough
applications that it's probably best to just include it upstream and
allow reusing it.
@oxisto
Copy link
Collaborator

oxisto commented Aug 10, 2022

Good idea. May I suggest an alternative name like AuthorizationHeaderExtractor or do you think that is too long?

@mfridman
Copy link
Member

I have this in literally every project, haha. I'd suggest something like GetTokenFromHeader

@oxisto
Copy link
Collaborator

oxisto commented Aug 11, 2022

I have this in literally every project, haha. I'd suggest something like GetTokenFromHeader

There is already a TokenExtractor which loops through all tokens, since this is specific to a bearer token we might as well stick with the original name.

request/extractor.go Outdated Show resolved Hide resolved
oxisto
oxisto previously approved these changes Aug 15, 2022
request/extractor.go Outdated Show resolved Hide resolved
@oxisto oxisto merged commit fdaf0eb into golang-jwt:main Aug 19, 2022
@WhyNotHugo WhyNotHugo deleted the bearer-token branch August 22, 2022 08:05
@AlexanderYastrebov
Copy link
Contributor

There is a long-existing AuthorizationHeaderExtractor that does the same (almost, as it also allows token without Bearer prefix afaict)

jwt/request/oauth2.go

Lines 7 to 21 in 2ebb50f

// Strips 'Bearer ' prefix from bearer token string
func stripBearerPrefixFromTokenString(tok string) (string, error) {
// Should be a bearer token
if len(tok) > 6 && strings.ToUpper(tok[0:7]) == "BEARER " {
return tok[7:], nil
}
return tok, nil
}
// AuthorizationHeaderExtractor extracts a bearer token from Authorization header
// Uses PostExtractionFilter to strip "Bearer " prefix from header
var AuthorizationHeaderExtractor = &PostExtractionFilter{
HeaderExtractor{"Authorization"},
stripBearerPrefixFromTokenString,
}

mend-for-github-com bot referenced this pull request in DelineaXPM/dsv-cli Jan 19, 2023
…v4.4.3 (#42)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/golang-jwt/jwt/v4](https://togithub.com/golang-jwt/jwt) |
require | patch | `v4.4.2` -> `v4.4.3` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>golang-jwt/jwt</summary>

### [`v4.4.3`](https://togithub.com/golang-jwt/jwt/releases/tag/v4.4.3)

[Compare
Source](https://togithub.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3)

#### What's Changed

- fix: link update for README.md for v4 by
[@&#8203;krokite](https://togithub.com/krokite) in
[https://github.com/golang-jwt/jwt/pull/217](https://togithub.com/golang-jwt/jwt/pull/217)
- Implement a BearerExtractor by
[@&#8203;WhyNotHugo](https://togithub.com/WhyNotHugo) in
[https://github.com/golang-jwt/jwt/pull/226](https://togithub.com/golang-jwt/jwt/pull/226)
- Bump matrix to support latest go version (go1.19) by
[@&#8203;mfridman](https://togithub.com/mfridman) in
[https://github.com/golang-jwt/jwt/pull/231](https://togithub.com/golang-jwt/jwt/pull/231)
- Include https://github.com/golang-jwt/jwe in README by
[@&#8203;oxisto](https://togithub.com/oxisto) in
[https://github.com/golang-jwt/jwt/pull/229](https://togithub.com/golang-jwt/jwt/pull/229)
- Add doc comment to ParseWithClaims by
[@&#8203;jkopczyn](https://togithub.com/jkopczyn) in
[https://github.com/golang-jwt/jwt/pull/232](https://togithub.com/golang-jwt/jwt/pull/232)
- Refactor: removed the unneeded if statement by
[@&#8203;Krout0n](https://togithub.com/Krout0n) in
[https://github.com/golang-jwt/jwt/pull/241](https://togithub.com/golang-jwt/jwt/pull/241)
- No pointer embedding in the example by
[@&#8203;oxisto](https://togithub.com/oxisto) in
[https://github.com/golang-jwt/jwt/pull/255](https://togithub.com/golang-jwt/jwt/pull/255)

#### New Contributors

- [@&#8203;krokite](https://togithub.com/krokite) made their first
contribution in
[https://github.com/golang-jwt/jwt/pull/217](https://togithub.com/golang-jwt/jwt/pull/217)
- [@&#8203;WhyNotHugo](https://togithub.com/WhyNotHugo) made their first
contribution in
[https://github.com/golang-jwt/jwt/pull/226](https://togithub.com/golang-jwt/jwt/pull/226)
- [@&#8203;jkopczyn](https://togithub.com/jkopczyn) made their first
contribution in
[https://github.com/golang-jwt/jwt/pull/232](https://togithub.com/golang-jwt/jwt/pull/232)
- [@&#8203;Krout0n](https://togithub.com/Krout0n) made their first
contribution in
[https://github.com/golang-jwt/jwt/pull/241](https://togithub.com/golang-jwt/jwt/pull/241)

**Full Changelog**:
golang-jwt/jwt@v4.4.2...v4.4.3

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 3am on Monday" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click
this checkbox.

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzMi4yMjkuMCIsInVwZGF0ZWRJblZlciI6IjMyLjIyOS4wIn0=-->

Co-authored-by: mend-for-github-com[bot] <50673670+mend-for-github-com[bot]@users.noreply.github.com>
kodiakhq bot referenced this pull request in cloudquery/cloudquery Feb 1, 2023
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/golang-jwt/jwt/v4](https://togithub.com/golang-jwt/jwt) | indirect | patch | `v4.4.2` -> `v4.4.3` |

---

### Release Notes

<details>
<summary>golang-jwt/jwt</summary>

### [`v4.4.3`](https://togithub.com/golang-jwt/jwt/releases/tag/v4.4.3): 4.4.3

[Compare Source](https://togithub.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3)

##### What's Changed

-   fix: link update for README.md for v4 by [@&#8203;krokite](https://togithub.com/krokite) in [https://github.com/golang-jwt/jwt/pull/217](https://togithub.com/golang-jwt/jwt/pull/217)
-   Implement a BearerExtractor by [@&#8203;WhyNotHugo](https://togithub.com/WhyNotHugo) in [https://github.com/golang-jwt/jwt/pull/226](https://togithub.com/golang-jwt/jwt/pull/226)
-   Bump matrix to support latest go version (go1.19) by [@&#8203;mfridman](https://togithub.com/mfridman) in [https://github.com/golang-jwt/jwt/pull/231](https://togithub.com/golang-jwt/jwt/pull/231)
-   Include https://github.com/golang-jwt/jwe in README by [@&#8203;oxisto](https://togithub.com/oxisto) in [https://github.com/golang-jwt/jwt/pull/229](https://togithub.com/golang-jwt/jwt/pull/229)
-   Add doc comment to ParseWithClaims by [@&#8203;jkopczyn](https://togithub.com/jkopczyn) in [https://github.com/golang-jwt/jwt/pull/232](https://togithub.com/golang-jwt/jwt/pull/232)
-   Refactor: removed the unneeded if statement by [@&#8203;Krout0n](https://togithub.com/Krout0n) in [https://github.com/golang-jwt/jwt/pull/241](https://togithub.com/golang-jwt/jwt/pull/241)
-   No pointer embedding in the example by [@&#8203;oxisto](https://togithub.com/oxisto) in [https://github.com/golang-jwt/jwt/pull/255](https://togithub.com/golang-jwt/jwt/pull/255)

##### New Contributors

-   [@&#8203;krokite](https://togithub.com/krokite) made their first contribution in [https://github.com/golang-jwt/jwt/pull/217](https://togithub.com/golang-jwt/jwt/pull/217)
-   [@&#8203;WhyNotHugo](https://togithub.com/WhyNotHugo) made their first contribution in [https://github.com/golang-jwt/jwt/pull/226](https://togithub.com/golang-jwt/jwt/pull/226)
-   [@&#8203;jkopczyn](https://togithub.com/jkopczyn) made their first contribution in [https://github.com/golang-jwt/jwt/pull/232](https://togithub.com/golang-jwt/jwt/pull/232)
-   [@&#8203;Krout0n](https://togithub.com/Krout0n) made their first contribution in [https://github.com/golang-jwt/jwt/pull/241](https://togithub.com/golang-jwt/jwt/pull/241)

**Full Changelog**: golang-jwt/jwt@v4.4.2...v4.4.3

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC45NC4wIiwidXBkYXRlZEluVmVyIjoiMzQuOTQuMCJ9-->
oxisto pushed a commit to moneszarrugh/jwt that referenced this pull request Feb 21, 2023
* Implement a BearerExtractor

This is a rather common extractor; it extracts the JWT from the HTTP
Authorization header, expecting it to include the "Bearer " prefix.

This patterns is rather common and this snippet is repeated in enough
applications that it's probably best to just include it upstream and
allow reusing it.

* Ignore case-sensitivity for "Bearer"
oxisto pushed a commit to twocs/jwt that referenced this pull request Mar 29, 2023
* Implement a BearerExtractor

This is a rather common extractor; it extracts the JWT from the HTTP
Authorization header, expecting it to include the "Bearer " prefix.

This patterns is rather common and this snippet is repeated in enough
applications that it's probably best to just include it upstream and
allow reusing it.

* Ignore case-sensitivity for "Bearer"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants