Update JWT middleware

[AngangGuo]

JWT has updated to v4.2.0 as for now. There're some improvement in v4 - Go module support, use RegisteredClaims instead of StandardClaims, etc.
Do you have any plan to update the JWT middleware to use this new version?

[aldas]

I am not sure if there will be switch off from jwt.MapClaims any time soon. This is because if you have default settings and have set token into context and get it from other middleware or handler you probably cast it into that type and changing that breaks things.

JWTConfig.ParseTokenFunc allows to you create your own token parsing function and use any version or library you like.

[AngangGuo]

Will there be any conflict if I use v4.2.0 in my application and the middleware use v3.x?

[aldas]

If you create your own JWTConfig.ParseTokenFunc (copy implementation from here) and use imports from "github.com/golang-jwt/jwt/v4" you should be fine.

I think minimal implementation is:

config := middleware.JWTConfig{
  TokenLookup: "query:token",
  ParseTokenFunc: func(auth string, c echo.Context) (interface{}, error) {
    keyFunc := func(t *jwt.Token) (interface{}, error) {
      if t.Method.Alg() != "HS256" {
        return nil, fmt.Errorf("unexpected jwt signing method=%v", t.Header["alg"])
      }
      return signingKey, nil
    }

    // claims are of type `jwt.MapClaims` when token is created with `jwt.Parse`
    token, err := jwt.Parse(auth, keyFunc)
    if err != nil {
      return nil, err
    }
    if !token.Valid {
      return nil, errors.New("invalid token")
    }
    return token, nil
  },
}

[AngangGuo]

Got it. Great thanks.

[re-Tick]

Hey but what if when we wants to use a custom claims which is embedding jwt.Standardclaims in it. Then, echo middleware's JWTConfig is showing type error of Claims field.

[re-Tick]

Also since jwt.Token have Claims as field therefore jwt.KeyFunc signature is also changed and throwing type error. I think you should consider updating jwt version in echo jwt middleware.