Gokit way of attaching authentication

[Bryce Fisher-Fleig]

My gokit application is currently, single transport, http. Since it is user facing, I need to add authentication. My authentication logic is always the same, but a critical part of the authentication logic involves reading information out of the path.

I wanted to add my authentication logic as a ServerBefore option, but ServerBefore can only update the context -- not hijack the request and do early return. I also looked at using a DecodeRequestFunc, but any error returned is *always* wrapped in a BadRequestError whereas I'd want to return a different kind of error.

Is there any way, other than annotating an endpoint with middleware to perform auth logic before my endpoint tries to authenticate the request?

[Peter Bourgon]

Broadly speaking, the role of the transport components (including
transport/http.ServerBefore) is to move information from the transport
domain to the business domain. Stuff like Authentication is in
something of a gray area, but I'd place it more as business logic. My
intuition would be to use ServerBefore to put relevant bits from the
path into the context, and then use a middleware to take information
from the context and do the authentication. I guess this is what
you're suggesting in your final paragraph? Can you explain a bit more
why you'd find that less than ideal?

Cheers,
Peter.

> --
> You received this message because you are subscribed to the Google Groups
> "Go kit" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to go-kit+un...@googlegroups.com.
> To post to this group, send email to go-...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/go-kit/d7819db5-3c50-4436-8b4e-b20e1b578a48%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Germán Leandro Vázquez]

Do you know anybody that could or attempted to integrate JWT (https://jwt.io/) into a go-kit service.

JWT instruments heavily the http transport layer.

[Ivan Fraixedes]

In case that it can be useful I had an implementation of what @peter mentioned in https://github.com/ifraixedes/kit/tree/jwt-auth/auth/jwt

I was working in that kind of stuff, however, it was to achieve something that we needed in what my current team and I are working on and the brain behind our architecture which is based in Go-kit haven't got the time so far to review it, besides that we have other preferences know and we postpone the JWT stuff to eventually tackle it again.

Hence, I'm not sure if the implementation is useful and ready to start to use, because I need some feedback from people with deep knowledge in Go kit, nonetheless, I'm currently very busy so I thought that it's annoying to open a PR, people spend their time providing feedback and I don't do anything because I'm currently very busy.

[Germán Leandro Vázquez]

that's what I was looking for, thanks!!!!

I'm not a go-kit expert but I think you are on the correct path! 

[Bot of bots]

I remember that the chosen JWT library isn't very good designed.

I used at the beginning another one, however, I swapped to this one because I felt that it define better the JWT scope with type names and interfaces, but it turned very hard to deal with those, because the implementation isn't in idiomatic Go and it's a complete mess of  types conversions and interfaces.

Anyway, I made it work for the expectations that I had.

--

You received this message because you are subscribed to the Google Groups "Go kit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to go-kit+un...@googlegroups.com.
To post to this group, send email to go-...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/go-kit/7977ea22-f4a7-4522-b45d-7c46475ac601%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Ivan Fraixedes
Software Engineer

ivan.fraixed.es

blog.fraixed.es
 L | GH | T | G+ | FB