Separate verification into its own function #396
Conversation
Signed-off-by: Nathanael DEMACON <[email protected]>
|
Maybe a trivial question, but can't you do this logic inside the keyfunc? You have access to the |
|
I sometimes only parse the JWT to speedup the process when it comes from a fully trusted source (from internal code). I could duplicate some code to make it work but separating the functions costs nothing and fits my use-case. |
We are extremely careful about introducing new public functions because we need to maintain them in a way that we cannot break their function signature for quite a long time (since we tend to stick with major versions for quite a while). So yes, separating these functions actually does costs something: the time of a maintainer ;) We intentionally did not expose any of these functions to not confuse people who might not be as experienced as you and might be confused, whether a simple As a bare minimum this function needs a godoc string and we probably would need to have an additional though about its function signature, because as I said before we need to stick with it for quite a while. |
|
any though on this @mfridman ? |
|
Yeah I'm okay with this. Needs a godoc comment though. |
Hello!
I have this use-case where I want to parse the JWT, fetch the secret elsewhere and then verify the JWT.
The current available functions forces me to parse the JWT another time. I want to validate the token, not parse it again.
Thanks,