auth0 · kingscott · Jan 19, 2024
@@ -0,0 +1,14 @@
+# gRPC Example
+
+This is an example of how to build an endpoint middleware for a gRPC application.
+
+## Background
+
+The implementation of `jwtmiddleware.CheckJWT` is such that it is only to be used on HTTP endpoints. For an application
+that leverages an HTTP <-> gRPC gateway, deeper methods need to be used. 
+
+## How to use this middleware?
+
+This example is not runnable, by default. The provided middleware is an example of how you could implement the 
+`jwtmiddleware.CheckJWT` functionality in a different format. The token validation is provided by the `TokenValidator` 
+middleware.
@@ -0,0 +1,27 @@
+package main
+
+import (
+	"context"
+	"github.com/go-kit/kit/endpoint"
+)
+
+func makeDoTheThingEndpoint(s ExampleService) endpoint.Endpoint {
+	return func(ctx context.Context, r interface{}) (interface{}, error) {
+		req := r.(*example.DoTheThingRequest)
+		return s.DoTheThing(ctx, req)
+	}
+}
+
+type ExampleEndpoints struct {
+	DoTheThing endpoint.Endpoint
+}
+
+func CreateEndoints(svc ExampleService) *ExampleEndpoints {
+	doTheThingEndpoint := endpoint.Chain(
+		TokenValidator(ExampleAuth0Issuer),
+	)(makeDoTheThingEndpoint(svc))
+
+	return &ExampleEndpoints{
+		DoTheThing: doTheThingEndpoint,
+	}
+}
@@ -0,0 +1,20 @@
+syntax = "proto3";
+
+package main;
+
+import "google/protobuf/struct.proto";
+
+option go_package = "github.com/auth0/go-jwt-middleware/examples/grpc-example;grpc";
+
+service ExampleService {
+  rpc DoTheThing(DoTheThingRequest) returns (DoTheThingResponse) {
+    option (google.api.http) = {
+      get: "/ping",
+      body: "*",
+    };
+  }
+}
+
+message DoTheThingRequest {}
+
+message DoTheThingResponse {}
@@ -0,0 +1,60 @@
+package main
+
+import (
+	"context"
+	"errors"
+	"github.com/auth0/go-jwt-middleware/v2/jwks"
+	"github.com/auth0/go-jwt-middleware/v2/validator"
+	"github.com/go-kit/kit/endpoint"
+	"net/url"
+	"time"
+)
+
+const (
+	ExampleAuth0Audience = "api.audience"
+)
+
+// getJWTValidator validates a JWT similar to the package CheckJWT method.
+func getJWTValidator(iss string) (*validator.Validator, error) {
+	issuer, err := url.Parse(iss)
+	if err != nil {
+		return nil, err
+	}
+
+	provider := jwks.NewCachingProvider(issuer, 5*time.Minute)
+	jwtValidator, err := validator.New(
+		provider.KeyFunc,
+		validator.RS256,
+		issuer.String(),
+		[]string{ExampleAuth0Audience},
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return jwtValidator, nil
+}
+
+// TokenValidator is a go-kit endpoint-level middleware to validate a JWT issued from Auth0.
+func TokenValidator(iss string) endpoint.Middleware {
+	return func(next endpoint.Endpoint) endpoint.Endpoint {
+		return func(ctx context.Context, request interface{}) (interface{}, error) {
+			accessToken, ok := ctx.Value("access_token").(string)
+			if !ok {
+				return nil, errors.New("no token found")
+			}
+
+			valid8r, err := getJWTValidator(iss)
+			if err != nil {
+				return nil, errors.New("cannot get JWT validator")
+			}
+
+			_, err = valid8r.ValidateToken(ctx, accessToken)
+			if err != nil {
+				return nil, errors.New("cannot validate token (unauthenticated)")
+			}
+
+			return next(ctx, request)
+		}
+	}
+}
@@ -0,0 +1,7 @@
+package main
+
+import "context"
+
+type ExampleService interface {
+	DoTheThing(ctx context.Context, req *example.DoTheThingRequest) (*example.DoTheThingResponse, error)
+}
@@ -0,0 +1,17 @@
+package main
+
+import "github.com/go-kit/kit/transport/grpc"
+
+type GrpcTransport struct {
+	doTheThing grpc.Handler
+}
+
+func NewGrpcTransport(ep *ExampleEndpoints) *GrpcTransport {
+	return &GrpcTransport{
+		doTheThing: grpc.NewServer(
+			ep.DoTheThing,
+			nil,
+			nil,
+		),
+	}
+}
@@ -3,6 +3,7 @@ module github.com/auth0/go-jwt-middleware/v2
 go 1.19
 
 require (
+	github.com/go-kit/kit v0.13.0
 	github.com/google/go-cmp v0.6.0
 	github.com/stretchr/testify v1.8.4
 	golang.org/x/sync v0.5.0
@@ -11,7 +12,16 @@ require (
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-kit/log v0.2.0 // indirect
+	github.com/go-logfmt/logfmt v0.5.1 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/net v0.10.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4 // indirect
+	google.golang.org/grpc v1.40.0 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )