Implement a BearerExtractor #226

WhyNotHugo · 2022-08-10T13:17:51Z

This is a rather common extractor; it extracts the JWT from the HTTP
Authorization header, expecting it to include the "Bearer " prefix.

This patterns is rather common and this snippet is repeated in enough
applications that it's probably best to just include it upstream and
allow reusing it.

This is a rather common extractor; it extracts the JWT from the HTTP Authorization header, expecting it to include the "Bearer " prefix. This patterns is rather common and this snippet is repeated in enough applications that it's probably best to just include it upstream and allow reusing it.

oxisto · 2022-08-10T18:58:35Z

Good idea. May I suggest an alternative name like AuthorizationHeaderExtractor or do you think that is too long?

mfridman · 2022-08-10T19:39:12Z

I have this in literally every project, haha. I'd suggest something like GetTokenFromHeader

oxisto · 2022-08-11T06:53:29Z

I have this in literally every project, haha. I'd suggest something like GetTokenFromHeader

There is already a TokenExtractor which loops through all tokens, since this is specific to a bearer token we might as well stick with the original name.

request/extractor.go

AlexanderYastrebov · 2022-12-02T22:07:31Z

There is a long-existing AuthorizationHeaderExtractor that does the same (almost, as it also allows token without Bearer prefix afaict)

jwt/request/oauth2.go

Lines 7 to 21 in 2ebb50f

    
           // Strips 'Bearer ' prefix from bearer token string 
        
           func stripBearerPrefixFromTokenString(tok string) (string, error) { 
        
           	// Should be a bearer token 
        
           	if len(tok) > 6 && strings.ToUpper(tok[0:7]) == "BEARER " { 
        
           		return tok[7:], nil 
        
           	} 
        
           	return tok, nil 
        
           } 
        
           // AuthorizationHeaderExtractor extracts a bearer token from Authorization header 
        
           // Uses PostExtractionFilter to strip "Bearer " prefix from header 
        
           var AuthorizationHeaderExtractor = &PostExtractionFilter{ 
        
           	HeaderExtractor{"Authorization"}, 
        
           	stripBearerPrefixFromTokenString, 
        
           }

…v4.4.3 (#42) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/golang-jwt/jwt/v4](https://togithub.com/golang-jwt/jwt) | require | patch | `v4.4.2` -> `v4.4.3` | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>golang-jwt/jwt</summary> ### [`v4.4.3`](https://togithub.com/golang-jwt/jwt/releases/tag/v4.4.3) [Compare Source](https://togithub.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3) #### What's Changed - fix: link update for README.md for v4 by [@krokite](https://togithub.com/krokite) in [https://github.com/golang-jwt/jwt/pull/217](https://togithub.com/golang-jwt/jwt/pull/217) - Implement a BearerExtractor by [@WhyNotHugo](https://togithub.com/WhyNotHugo) in [https://github.com/golang-jwt/jwt/pull/226](https://togithub.com/golang-jwt/jwt/pull/226) - Bump matrix to support latest go version (go1.19) by [@mfridman](https://togithub.com/mfridman) in [https://github.com/golang-jwt/jwt/pull/231](https://togithub.com/golang-jwt/jwt/pull/231) - Include https://github.com/golang-jwt/jwe in README by [@oxisto](https://togithub.com/oxisto) in [https://github.com/golang-jwt/jwt/pull/229](https://togithub.com/golang-jwt/jwt/pull/229) - Add doc comment to ParseWithClaims by [@jkopczyn](https://togithub.com/jkopczyn) in [https://github.com/golang-jwt/jwt/pull/232](https://togithub.com/golang-jwt/jwt/pull/232) - Refactor: removed the unneeded if statement by [@Krout0n](https://togithub.com/Krout0n) in [https://github.com/golang-jwt/jwt/pull/241](https://togithub.com/golang-jwt/jwt/pull/241) - No pointer embedding in the example by [@oxisto](https://togithub.com/oxisto) in [https://github.com/golang-jwt/jwt/pull/255](https://togithub.com/golang-jwt/jwt/pull/255) #### New Contributors - [@krokite](https://togithub.com/krokite) made their first contribution in [https://github.com/golang-jwt/jwt/pull/217](https://togithub.com/golang-jwt/jwt/pull/217) - [@WhyNotHugo](https://togithub.com/WhyNotHugo) made their first contribution in [https://github.com/golang-jwt/jwt/pull/226](https://togithub.com/golang-jwt/jwt/pull/226) - [@jkopczyn](https://togithub.com/jkopczyn) made their first contribution in [https://github.com/golang-jwt/jwt/pull/232](https://togithub.com/golang-jwt/jwt/pull/232) - [@Krout0n](https://togithub.com/Krout0n) made their first contribution in [https://github.com/golang-jwt/jwt/pull/241](https://togithub.com/golang-jwt/jwt/pull/241) **Full Changelog**: golang-jwt/jwt@v4.4.2...v4.4.3 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, click this checkbox.  Co-authored-by: mend-for-github-com[bot] <50673670+mend-for-github-com[bot]@users.noreply.github.com>

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/golang-jwt/jwt/v4](https://togithub.com/golang-jwt/jwt) | indirect | patch | `v4.4.2` -> `v4.4.3` | --- ### Release Notes <details> <summary>golang-jwt/jwt</summary> ### [`v4.4.3`](https://togithub.com/golang-jwt/jwt/releases/tag/v4.4.3): 4.4.3 [Compare Source](https://togithub.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3) ##### What's Changed - fix: link update for README.md for v4 by [@krokite](https://togithub.com/krokite) in [https://github.com/golang-jwt/jwt/pull/217](https://togithub.com/golang-jwt/jwt/pull/217) - Implement a BearerExtractor by [@WhyNotHugo](https://togithub.com/WhyNotHugo) in [https://github.com/golang-jwt/jwt/pull/226](https://togithub.com/golang-jwt/jwt/pull/226) - Bump matrix to support latest go version (go1.19) by [@mfridman](https://togithub.com/mfridman) in [https://github.com/golang-jwt/jwt/pull/231](https://togithub.com/golang-jwt/jwt/pull/231) - Include https://github.com/golang-jwt/jwe in README by [@oxisto](https://togithub.com/oxisto) in [https://github.com/golang-jwt/jwt/pull/229](https://togithub.com/golang-jwt/jwt/pull/229) - Add doc comment to ParseWithClaims by [@jkopczyn](https://togithub.com/jkopczyn) in [https://github.com/golang-jwt/jwt/pull/232](https://togithub.com/golang-jwt/jwt/pull/232) - Refactor: removed the unneeded if statement by [@Krout0n](https://togithub.com/Krout0n) in [https://github.com/golang-jwt/jwt/pull/241](https://togithub.com/golang-jwt/jwt/pull/241) - No pointer embedding in the example by [@oxisto](https://togithub.com/oxisto) in [https://github.com/golang-jwt/jwt/pull/255](https://togithub.com/golang-jwt/jwt/pull/255) ##### New Contributors - [@krokite](https://togithub.com/krokite) made their first contribution in [https://github.com/golang-jwt/jwt/pull/217](https://togithub.com/golang-jwt/jwt/pull/217) - [@WhyNotHugo](https://togithub.com/WhyNotHugo) made their first contribution in [https://github.com/golang-jwt/jwt/pull/226](https://togithub.com/golang-jwt/jwt/pull/226) - [@jkopczyn](https://togithub.com/jkopczyn) made their first contribution in [https://github.com/golang-jwt/jwt/pull/232](https://togithub.com/golang-jwt/jwt/pull/232) - [@Krout0n](https://togithub.com/Krout0n) made their first contribution in [https://github.com/golang-jwt/jwt/pull/241](https://togithub.com/golang-jwt/jwt/pull/241) **Full Changelog**: golang-jwt/jwt@v4.4.2...v4.4.3 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).

* Implement a BearerExtractor This is a rather common extractor; it extracts the JWT from the HTTP Authorization header, expecting it to include the "Bearer " prefix. This patterns is rather common and this snippet is repeated in enough applications that it's probably best to just include it upstream and allow reusing it. * Ignore case-sensitivity for "Bearer"

oxisto reviewed Aug 11, 2022

View reviewed changes

request/extractor.go Outdated Show resolved Hide resolved

oxisto previously approved these changes Aug 15, 2022

View reviewed changes

WhyNotHugo dismissed oxisto’s stale review via 09600b6 August 15, 2022 11:32

oxisto reviewed Aug 15, 2022

View reviewed changes

request/extractor.go Outdated Show resolved Hide resolved

mfridman reviewed Aug 18, 2022

View reviewed changes

request/extractor.go Show resolved Hide resolved

Ignore case-sensitivity for "Bearer"

d634c29

oxisto approved these changes Aug 19, 2022

View reviewed changes

mfridman approved these changes Aug 19, 2022

View reviewed changes

oxisto merged commit fdaf0eb into golang-jwt:main Aug 19, 2022

WhyNotHugo deleted the bearer-token branch August 22, 2022 08:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implement a BearerExtractor #226

Implement a BearerExtractor #226

WhyNotHugo commented Aug 10, 2022 •

edited

Loading

oxisto commented Aug 10, 2022

mfridman commented Aug 10, 2022

oxisto commented Aug 11, 2022

AlexanderYastrebov commented Dec 2, 2022

Implement a BearerExtractor #226

Implement a BearerExtractor #226

Conversation

WhyNotHugo commented Aug 10, 2022 • edited Loading

oxisto commented Aug 10, 2022

mfridman commented Aug 10, 2022

oxisto commented Aug 11, 2022

AlexanderYastrebov commented Dec 2, 2022

WhyNotHugo commented Aug 10, 2022 •

edited

Loading