mirror of
https://forgejo.merr.is/annika/jwtauth.git
synced 2025-12-11 11:16:32 -05:00
Update README
This commit is contained in:
Peter Kieltyka
parent
e6503c425b
commit
9f0ed7472c
1 changed files with 7 additions and 3 deletions
10
README.md
10
README.md
|
|
@ -23,12 +23,11 @@ plain-text payload for all unverified tokens and passes the good ones through. Y
|
|||
also copy the Authenticator and customize it to handle invalid tokens to better fit
|
||||
your flow (ie. with a JSON error response body).
|
||||
|
||||
The `Verifier` will search for a JWT token in a http request, in the order:
|
||||
By default, the `Verifier` will search for a JWT token in a http request, in the order:
|
||||
|
||||
1. 'jwt' URI query parameter
|
||||
2. 'Authorization: BEARER T' request header
|
||||
3. Cookie 'jwt' value
|
||||
4. (optional), use `jwtauth.Verify("state")` for additional query/cookie parameter aliases
|
||||
3. 'jwt' Cookie value
|
||||
|
||||
The first JWT string that is found as a query parameter, authorization header
|
||||
or cookie header is then decoded by the `jwt-go` library and a *jwt.Token
|
||||
|
|
@ -40,6 +39,11 @@ be the generic `jwtauth.Authenticator` middleware or your own custom handler
|
|||
which checks the request context jwt token and error to prepare a custom
|
||||
http response.
|
||||
|
||||
Note: jwtauth supports custom verification sequences for finding a token
|
||||
from a request by using the `Verify` middleware instantiator directly. The default
|
||||
`Verifier` is instantiated by calling `Verify(ja, TokenFromQuery, TokenFromHeader, TokenFromCookie)`.
|
||||
|
||||
|
||||
# Usage
|
||||
|
||||
See the full [example](https://github.com/go-chi/jwtauth/blob/master/_example/main.go).
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue