From 34bdbe90a149772d51d8e0dec67f4e3a99e87881 Mon Sep 17 00:00:00 2001 From: Lorain <87760338+justlorain@users.noreply.github.com> Date: Thu, 5 Oct 2023 18:46:16 +0800 Subject: [PATCH] docs: fix incorrect description in jwt keyfunc (#799) Co-authored-by: Jiun Lee --- .../en/docs/hertz/tutorials/basic-feature/middleware/jwt.md | 6 ++++-- .../zh/docs/hertz/tutorials/basic-feature/middleware/jwt.md | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/content/en/docs/hertz/tutorials/basic-feature/middleware/jwt.md b/content/en/docs/hertz/tutorials/basic-feature/middleware/jwt.md index 3b293a40ef..3af0e89314 100644 --- a/content/en/docs/hertz/tutorials/basic-feature/middleware/jwt.md +++ b/content/en/docs/hertz/tutorials/basic-feature/middleware/jwt.md @@ -201,7 +201,9 @@ authMiddleware, err := jwt.New(&jwt.HertzJWTMiddleware{ ### KeyFunc -The program executes with `KeyFunc` as a parameter to `jwt.Parse()`, which is responsible for providing the signing key for token parsing. By customizing the logic of `KeyFunc`, you can perform some custom operations before parsing the token, such as checking the validity of the signing method, selecting the corresponding signing key, storing the token in the request context, etc. +The program executes with `KeyFunc` as a parameter to `jwt.Parse()`, which is responsible for providing the signing key for token parsing. By customizing the logic of `KeyFunc`, you can perform some custom operations before parsing the token, such as checking the validity of the signing method. + +**Note: `KeyFunc` only takes effect when the token is parsed, not when the token is issued** Function signatures: @@ -442,7 +444,7 @@ auth.GET("/refresh_token", authMiddleware.RefreshHandler) ### TokenLookup -There are four options for declaring the source of a token as a key-value pair, with the default value being `header:Authorization`. If more than one token source is declared, the first that satisfies the input format is selected while the rest are ignored. +There are four options for declaring the source of a token as a key-value pair, with the default value being `header:Authorization`. If more than one token source is declared, the first that satisfies the input format is selected, separated by `,`. If the token is not obtained, it will continue to obtain token from the next declared data source. Sample Code: diff --git a/content/zh/docs/hertz/tutorials/basic-feature/middleware/jwt.md b/content/zh/docs/hertz/tutorials/basic-feature/middleware/jwt.md index ff9f57c0e3..b6f256501c 100644 --- a/content/zh/docs/hertz/tutorials/basic-feature/middleware/jwt.md +++ b/content/zh/docs/hertz/tutorials/basic-feature/middleware/jwt.md @@ -201,7 +201,9 @@ authMiddleware, err := jwt.New(&jwt.HertzJWTMiddleware{ ### KeyFunc -程序执行时 `KeyFunc` 作为 `jwt.Parse()` 的参数,负责为 token 解析提供签名密钥,通过自定义 `KeyFunc` 的逻辑,可以在解析 token 之前完成一些自定义的操作,如:校验签名方法的有效性、选择对应的签名密钥、将 token 存入请求上下文等。 +程序执行时 `KeyFunc` 作为 `jwt.Parse()` 的参数,负责为 token 解析提供签名密钥,通过自定义 `KeyFunc` 的逻辑,可以在解析 token 之前完成一些自定义的操作,如:校验签名方法的有效性。 + +**注意:`KeyFunc` 只在解析 token 时生效,签发 token 时不生效** 函数签名: @@ -442,7 +444,7 @@ auth.GET("/refresh_token", authMiddleware.RefreshHandler) ### TokenLookup -通过键值对的形式声明 token 的获取源,有四种可选的方式,默认值为 header:Authorization,如果同时声明了多个数据源则以 `,` 为分隔线,第一个满足输入格式的数据源将被选择,其余忽略。 +通过键值对的形式声明 token 的获取源,有四种可选的方式,默认值为 header:Authorization,如果同时声明了多个数据源则以 `,` 为分隔线,第一个满足输入格式的数据源将被选择,如果没有获取到 token 则继续从下一个声明的数据源获取。 示例代码: