Replies: 1 comment
Ok here is a small example of how to add a profile route to the example app. Use the ID token as a bearer token.

```go
// Imports used by this snippet: context, encoding/json, fmt, net/http, strings.

// register route
http.Handle("/profile", a.middleware(http.HandlerFunc(a.handleProfile)))

// middleware
func (a *app) middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ctx := r.Context()
		authHeader := strings.Split(r.Header.Get("Authorization"), "Bearer ")
		if len(authHeader) != 2 {
			// http.Error sets the status code itself, so no separate WriteHeader call is needed.
			http.Error(w, "malformed Token", http.StatusUnauthorized)
			return
		}
		idToken, err := a.verifier.Verify(r.Context(), strings.TrimSpace(authHeader[1]))
		if err != nil {
			http.Error(w, fmt.Sprintf("could not verify bearer token: %v", err), http.StatusUnauthorized)
			return
		}
		// Extract custom claims.
		var claims json.RawMessage
		if err := idToken.Claims(&claims); err != nil {
			http.Error(w, fmt.Sprintf("failed to parse claims: %v", err), http.StatusUnauthorized)
			return
		}
		ctx = context.WithValue(ctx, "idclaims", claims)
		// Access context values in handlers like this
		// claims, _ := r.Context().Value("idclaims").(json.RawMessage)
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}

// profile handler
func (a *app) handleProfile(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()
	claims, ok := ctx.Value("idclaims").(json.RawMessage)
	if !ok {
		// The middleware did not run for this request, so there is nothing to show.
		http.Error(w, "no claims in request context", http.StatusInternalServerError)
		return
	}
	fmt.Fprintf(w, "profile: %s", claims)
}
```

Token refresh is already presented in the example app.
Hi everyone. I've just tested the example app (https://github.com/dexidp/dex/tree/master/examples/example-app); it works perfectly.
But now I am a bit confused.
Which data should be persistent between visits to protected pages? It looks like a pair of access + refresh tokens.
Then the question is which actions I should perform in the middleware. How do I verify the access token and, in case of expiration, refresh it?
Many thanks in advance. It would be really good to add some cookie stuff and a protected page with the implied middleware to the example app.
Thanks for Dex!
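The middleware flow asked about in this thread, as an added example that is not part of the posts or of the Dex example app: it keeps the ID token and refresh token in cookies, verifies the ID token on every request, and refreshes once when it has expired. `Session`, its `Verify` and `Refresh` hooks, `ErrExpired` and the cookie names are assumptions standing in for the app's OIDC verifier and refresh-token request; `Refresh` is assumed to return the refresh token to store next.

```go
package main

import (
	"context"
	"errors"
	"net/http"
)

var ErrExpired = errors.New("token expired") // constructed sentinel: valid signature, past expiry
type claimsKey struct{}                      // unexported key type: no context-key collisions

type Session struct { // hypothetical hooks wrapping the OIDC verifier and the refresh request
	Verify  func(ctx context.Context, rawIDToken string) (claims string, err error)
	Refresh func(ctx context.Context, refreshToken string) (idToken, newRefresh string, err error)
}

func cookieValue(r *http.Request, name string) string {
	if c, err := r.Cookie(name); err == nil {
		return c.Value
	}
	return "" // a missing cookie yields "", which Verify must reject
}

// Protect verifies the ID token cookie; on expiry it refreshes once and verifies the new token.
func (s Session) Protect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		claims, err := s.Verify(r.Context(), cookieValue(r, "id_token"))
		if rt := cookieValue(r, "refresh_token"); errors.Is(err, ErrExpired) && rt != "" {
			var id string
			if id, rt, err = s.Refresh(r.Context(), rt); err == nil {
				if claims, err = s.Verify(r.Context(), id); err == nil { // new token is verified too
					for name, val := range map[string]string{"id_token": id, "refresh_token": rt} {
						http.SetCookie(w, &http.Cookie{Name: name, Value: val, Path: "/",
							HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
					}
				}
			}
		}
		if err != nil { // generic body: verification details belong in server logs
			http.Error(w, "login required", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), claimsKey{}, claims)))
	})
}

func main() { // constructed wiring: this stub Verify rejects every token; plug in real hooks
	stub := func(context.Context, string) (string, error) { return "", errors.New("no verifier") }
	_ = http.ListenAndServe("127.0.0.1:8080", Session{Verify: stub}.Protect(http.NotFoundHandler()))
}
```

Only an expiry error triggers the refresh; any other verification failure ends in a 401 without spending the refresh token.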