Comments (5)
pauldijou
commented on June 12, 2024
Another user already reported the problem : #50
I'm not super kind to the idea of introducing a breaking change on the lib for a problem which is more about Akka HTTP than JWT Scala. Keep me updated about the Akka / Play framework team position, I would prefer for everyone to be able to use whatever HTTP headers they want rather than introducing this workaround.
from jwt-scala.
Isammoc
commented on June 12, 2024
The default behaviour is already broken for now with Play 2.6.
I strongly understand your position about the breaking change.
What about adding just one another configuration key for the server part?
Something like that :
# Header name for the request header where the library can find the JWT token used for the session
# Default : play.http.session.jwtName = "Authorization"
play.http.session.jwtName = "Authorization"
# Header name for the response header name where the library put the JWT token
# Default to the same value as play.http.session.jwtName.
play.http.session.jwtResponseName = nullAnd in the source:
val REQUEST_HEADER_NAME: String = getConfigString("play.http.session.jwtName").getOrElse("Authorization")
val RESPONSE_HEADER_NAME: String = getConfigString("play.http.session.jwtResponseName").getOrElse(getConfigString("play.http.session.jwtName").getOrElse("Authorization"))In this way, there are no breaking change, and the new feature is available for the user (like me) of the library who want different headers.
from jwt-scala.
Isammoc
commented on June 12, 2024
About the issue #50: Sorry I didn't see it, I only looked for open issues.
About your last comment in #50: The RFC7235 defines the Authorization as the valid header to authenticate the client. But nothing (as far as I seen) in RFCs set the Authorization header as invalid for response.
In another hand, we have an example with Cookie (request) and Set-Cookie (response) from RFC6265 and I guess there are other examples for this mechanism.
from jwt-scala.
pauldijou
commented on June 12, 2024
Ok, we can do that. A test with the PR would be nice but don't spend too much time on it, I can add it quickly after merging.
val REQUEST_HEADER_NAME: String = getConfigString("play.http.session.jwtName").getOrElse("Authorization")
val RESPONSE_HEADER_NAME: String = getConfigString("play.http.session.jwtResponseName").orElse(getConfigString("play.http.session.jwtName").getOrElse(REQUEST_HEADER_NAME))from jwt-scala.
pauldijou
commented on June 12, 2024
Released in 0.14.0
from jwt-scala.
Related Issues (20)
- Add zio-json usage documentation
- com.fasterxml.jackson.databind.JsonMappingException: Scala module 2.11.4 requires Jackson Databind version >= 2.11.0 and < 2.12.0 HOT 10
- 9.1.1 changelog? HOT 2
- zio-json partially missing in the docs
- com.fasterxml.jackson.databind.JsonMappingException: Scala module 2.11.4 requires Jackson Databind version >= 2.11.0 and < 2.12.0 HOT 2
- Why does JwtCirce.decode lead to java.time.Clock validating the expiration? HOT 3
- [Question] Support for Base64 url encoded keys HOT 1
- [Question] Lookup the algorithm from the token
- fix scala-js build HOT 5
- Ed25519 is not the correct JSON Web Algorithm name
- parseKey does not work with keys stored in AWS secrets manager
- Version 9.4.0 is not compatible with Scala 3.2.2 HOT 6
- New release? HOT 3
- scala.js compatibility
- Incorrect Regex for JTI and ISS
- Play 3.x support for `jwt-play` HOT 2
- Scala3 Support for jwt-play HOT 1
- scala-jwt 9.4.5 contains a major breaking change HOT 1
- com.fasterxml.jackson.databind.JsonMappingException: Scala module 2.14.3 requires Jackson Databind version >= 2.14.0 and < 2.15.0 - Found jackson-databind version 2.15.0 HOT 1
- JWKS? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jwt-scala.