Support for JWT handling

[GrandChaman]

Hi ! First of all, thank you for your amazing work !
I'm planning on adding support for JWT to the actix-web-httpauth crate.
Is this the right place to implement such feature ? Or would it be in another crate ?

Like for the Bearer auth already implemented, the JWT auth would have a config with different settings on how to validate the JWT and a struct wrapped in an Arc<RwLock<>> in which to store, access and hot-replace the JWKS.

An extractor would also be available to extract common header fields as well as common claims. (Maybe find a way to make the claims struct dynamic, so that people could plug-in there own struct for the claims)

This features would require the following crates :

• jsonwebtoken
• serde
• serde_json
• chrono

[Chaostheorie]

Any progress on this? I'm trying to implement JWT with cookies for my current application but would rather use a crate, because it's most likely written by people with more knowledge than me.

This might also provide a good starting point for some new developers instead of using actix-identity to make the entry easier and provide a secure base for applications.

[GrandChaman]

Unfortunately, I've got side tracked and won't be able to deal with this issue in quite some time

[quentusrex]

@GrandChaman Did you happen to start a branch with any work in progress code? This feature is now on my radar, and your description looks just like what I'm looking to find(or implement).

[GrandChaman]

@quentusrex I did start something for one of my final school projects, it's not production ready and needs a lot of rework, but maybe it'll get you started :)

[ted-tanner]

I might be interested in working on this at some point. I've implemented JWTs multiple times and know how to avoid pitfalls. However, for the next few months I will be very busy and likely won't get around to it. But I am willing to help/answer questions for anyone who does choose to work on it, if need be.