Jwt

[mdtrooper]

Yes.

The JWT is coded into Martin. And it is runs fine.

Regards 🍻 .

[codecov]

Codecov Report

Merging #190 (0eaf52e) into master (b998c17) will decrease coverage by 0.93%.
The diff coverage is 3.79%.

@@            Coverage Diff             @@
##           master     #190      +/-   ##
==========================================
- Coverage   41.14%   40.20%   -0.94%     
==========================================
  Files          13       13              
  Lines        1541     1577      +36     
==========================================
  Hits          634      634              
- Misses        907      943      +36     

Impacted Files	Coverage Δ
src/bin/main.rs	0.84% <0.00%> (-0.07%)	⬇️
src/server.rs	35.45% <0.00%> (-2.22%)	⬇️
src/config.rs	51.45% <37.50%> (-3.19%)	⬇️
src/lib.rs	34.58% <0.00%> (+0.05%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b998c17...4e5e033. Read the comment docs.

[PawelBaranowski]

Hi @mdtrooper! This looks promising, but having read the code I believe it only supports authentication via token validation. Could we extend this solution to support authorization via claim values? My use case is to carry user's id or role in JWT claims in order to use these values to filter results.

[nyurik]

@mdtrooper @PawelBaranowski this PR has been open for a while, but sadly has not received any attention. It seems fairly straightforward. Can we resume the discussion about this, maybe as part of an issue, to decide if 1) is this still relevant/needed, 2) how would we automate testing for this as part of CI

[PawelBaranowski]

@nyurik TBH I'm (sadly) no longer an active user of Martin. Also, Rust is not my world, so I'll probably be of little help here.

[mdtrooper]

But...one question.

Martin was a project for a company. Urbica o Yandex?

[stepankuzmin]

Hi @mdtrooper 👋

Martin was created by Urbica.

[lefuturiste]

Hello, any updates on this?

[nyurik]

@lefuturiste I would be OK to merge it if this PR would be updated and include unit or integration tests and some rudimentary docs. I have no knowledge of JWT, so I cannot really gauge how this would be used or tested, but if someone puts in the efforts to add support for it (and also clearly explains why it is needed), I'm all for it.

[lefuturiste]

@lefuturiste I would be OK to merge it if this PR would be updated and include unit or integration tests and some rudimentary docs. I have no knowledge of JWT, so I cannot really gauge how this would be used or tested, but if someone puts in the efforts to add support for it (and also clearly explains why it is needed), I'm all for it.

Okay fair enough, it need docs and tests. May be I can take a look, in my current use of martin, we would use it behind a nginx server with a JWT module so idk. But in anycase some sort of JWT should be implemented at the app level.