Authentication with JSON Web Tokens

Riccardo Sirigu

Jul 20, 2017, 9:05:37 AM
to Lift
Hi everyone, 
I'm trying to protect my RESTful APIs with JWT.

I created a subclass of HttpAuthentication 

case class JWTAuthentication(realmName: String)(func: PartialFunction[(String, Req), Boolean]) extends HttpAuthentication {

  ....

  // The space before the colon is required: without it, `verified_?:` is read as one identifier
  override def verified_? : PartialFunction[Req, Boolean] = {
    case (req) =>
      //verify the JWT and extract claims
      func(decoded, req)
  }
}

In Boot.scala I have

LiftRules.authentication = JWTAuthentication("api") {
  case (payload, _) =>
    println(payload)
    true
}

The problem is that in my APIs I need to access the extracted claims 

serve("api" / "test" prefix {
  case "protected" :: Nil JsonPost json -> req =>
    //It would be cool to have the req with the decoded token, and not re decode the token on each protected endpoint
})


Is there a way to modify the request in order to augment it with the decoded jwt?

I took a look at RewriteRequest but I think it's not suitable for my use case


Thanks in advance


Matt Farmer

Jul 20, 2017, 10:13:46 AM
to Lift
Have you considered sticking the claims in a TransientRequestVar in your authentication handler? You could then read the TransientRequestVar from your API to determine what claims are associated with the current request.

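The TransientRequestVar approach suggested above, as an added example that is not part of the original thread or of Lift's own code. Claims, TokenVerifier, CurrentClaims and ProtectedApi are hypothetical names; TokenVerifier stands in for whichever JWT library performs the signature and expiry checks.

```scala
import net.liftweb.common.{Box, Empty, Full}
import net.liftweb.http.{ForbiddenResponse, LiftResponse, PlainTextResponse, Req, TransientRequestVar}
import net.liftweb.http.auth.HttpAuthentication
import net.liftweb.http.rest.RestHelper

// Hypothetical claims type; shape it after the claims your tokens carry.
case class Claims(subject: String, scopes: Set[String])

// Hypothetical verifier interface wrapping your JWT library.
trait TokenVerifier {
  // Must return Full only when signature, expiry and audience all check out.
  def verify(rawToken: String): Box[Claims]
}

// Holds the verified claims for the lifetime of the current HTTP request only.
object CurrentClaims extends TransientRequestVar[Box[Claims]](Empty)

case class JWTAuthentication(realmName: String, verifier: TokenVerifier)
    extends HttpAuthentication {
  override def realm: String = realmName

  override def verified_? : PartialFunction[Req, Boolean] = {
    case req =>
      val claims = for {
        header <- req.header("Authorization")
        token  <- Full(header).filter(_.startsWith("Bearer ")).map(_.drop(7).trim)
        c      <- verifier.verify(token)
      } yield c
      CurrentClaims.set(claims) // Empty on any failure, never unverified data
      claims.isDefined
  }
}

object ProtectedApi extends RestHelper {
  serve("api" / "test" prefix {
    case "protected" :: Nil JsonPost json -> req =>
      // Fail closed: no verified claims on this request means no access.
      val resp: LiftResponse = CurrentClaims.get match {
        case Full(c) => PlainTextResponse(s"hello ${c.subject}")
        case _       => ForbiddenResponse("no verified claims on this request")
      }
      resp
  })
}
```

Wire it in Boot.scala as in the question, with LiftRules.authentication = JWTAuthentication("api", yourVerifier). The endpoint treats an Empty CurrentClaims as a refusal, so a route that was never passed through verified_? does not run with missing claims.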

Riccardo Sirigu

Jul 21, 2017, 3:38:06 AM
to Lift
I didn't.. thank you Matt