Skip to content

Add JWT token option to S2SClient #50

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
VojtechVitek merged 4 commits into from
Jul 22, 2025
Merged

Add JWT token option to S2SClient #50

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
41055df
Add JWT token option to S2SClient
klaidliadon Jul 22, 2025
0707d96
Add clarification to S2SClient function documentation regarding JWT t…
klaidliadon Jul 22, 2025
93e4c80
Add clarification to S2SClient function documentation regarding JWTTo…
klaidliadon Jul 22, 2025
948295d
Use transport.SetHeader() for the static JWT token
VojtechVitek Jul 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,10 @@ require (
github.com/go-chi/metrics v0.1.0
github.com/go-chi/traceid v0.2.0
github.com/go-chi/transport v0.4.0
github.com/goware/base64 v0.1.0
github.com/jxskiss/base62 v1.1.0
github.com/lestrrat-go/jwx/v2 v2.1.3
github.com/spf13/cobra v1.9.1
github.com/stretchr/testify v1.10.0
)

Expand All @@ -20,9 +23,7 @@ require (
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
github.com/goccy/go-json v0.10.3 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/goware/base64 v0.1.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jxskiss/base62 v1.1.0 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/lestrrat-go/blackmagic v1.0.2 // indirect
github.com/lestrrat-go/httpcc v1.0.1 // indirect
Expand All @@ -37,7 +38,6 @@ require (
github.com/prometheus/procfs v0.15.1 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect
github.com/segmentio/asm v1.2.0 // indirect
github.com/spf13/cobra v1.9.1 // indirect
github.com/spf13/pflag v1.0.6 // indirect
golang.org/x/crypto v0.31.0 // indirect
golang.org/x/sync v0.10.0 // indirect
Expand Down
17 changes: 14 additions & 3 deletions s2s.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,21 @@ import (
)

type S2SClientConfig struct {
Service string
JWTSecret string
AccessKey string
// JWTToken is the static JWT token used for authentication.
JWTToken string
// JWTSecret is the secret key used to dynamically create JWT BEARER token for authorization.
JWTSecret string
// Service is used in the service claim of the JWT token.
Service string
// AccessKey is an optional access key used for authentication.
AccessKey string
// DebugRequests enables logging of HTTP requests.
DebugRequests bool
}

// Service-to-service HTTP client for internal communication between Sequence services.
// If JWTSecret is provided, it will create a HS256 JWT token with the service name in the claims.
// If both JWTSecret and JWTToken are provided, JWTToken will take precedence.
func S2SClient(cfg *S2SClientConfig) *http.Client {
serviceName := cmp.Or(cfg.Service, filepath.Base(os.Args[0]))

Expand All @@ -33,6 +41,9 @@ func S2SClient(cfg *S2SClientConfig) *http.Client {
return "BEARER " + S2SToken(cfg.JWTSecret, map[string]any{"service": serviceName})
}),
),
transport.If(cfg.JWTToken != "",
transport.SetHeader("Authorization", "BEARER "+cfg.JWTToken),
),
transport.If(cfg.AccessKey != "",
transport.SetHeader("X-Access-Key", cfg.AccessKey),
),
Expand Down