Comments (3)
You can initialize koajwt with the option passthrough:true
to ensure that downstream middleware is called even when the auth fails. Then you can create a further middleware that returns a 401 if ctx.state.user is empty and use that for the authenticated routes.
from jwt.
Actually now that I think about it, this won't work. Why do you want to do this? You could do this by using the jsonwebtoken library's jwt.decode function directly for the unprotected routes. See https://www.npmjs.com/package/jsonwebtoken#jwtdecodetoken--options
from jwt.
Why do you want to do this?
I have an entity that can be publicly visible but depending on the record property (entity.public
: true/false) it determines whether the person requesting the data has access to it.
So for example, let's say I'm rebuilding github and I want to fetch a specific repository. I want that endpoint to be public because the system allows for public repos that don't require authorization. But if the resource the user is trying to fetch is private then I need to reject the request. Does that make sense?
Yeah that was my thinking as well: rebuild the parts of koa-jwt that extract the authorization header and manually add a ctx.state.user object for those unprotected routes.
from jwt.
Related Issues (20)
- How to support refresh tokens HOT 1
- "Secret not provided" even if it's configured HOT 3
- docs: The article link at readme is 404 HOT 1
- Open up repo to more people to maintain?
- Can this parse and verify that the token is correct? HOT 1
- Could we get an example of setting opts HOT 2
- Any space before and after Authorization header will result in the failure of koa-kwt to process and return an error HOT 3
- Wrong type definition for Options.issuer
- Add option to enable setting custom JSON object of decoded token in ctx HOT 3
- Question - not an issue HOT 1
- npm ownership HOT 3
- Does not work if used multiple times HOT 1
- koa-jwt suddenly, the token passed by the front end cannot be received HOT 1
- 401 is returned on the page that should return 404
- Missing other Claims in decoded JWT HOT 1
- Broken link in README.md HOT 1
- [fix] update jsonwebtoken HOT 5
- [feat] Add a `State` type export
- [feat] Missing jsonwebtoken options in type definitions
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jwt.