Advanced authentication

[igorlesnenko]

Need to implement better token auth system.
Important: if token is provided and it is invalid we need to return error and don't return any data.
Same for websockets: need to disconnect expired/invalid tokens somehow and not allow to create connection

[sneerin]

yeah, that would be nice to have

[sneerin]

Just walked briefly through the source code, how can I add the JWT authentification instead of your middleware? If I create the new one will it override yours? Do you want us to create a pull request for that?

[igorlesnenko]

Hi @sneerin!

At the moment, there is no ability to select middlewares or add your own custom middlewares. We have an issue for that: #27

I see two ways to add JWT auth:

1. Add another default middleware jwt-auth in the framework source.
2. Use your own JWT middleware outside of the framework

Both cases are depends on the issue: #27

[igorlesnenko]

https://paragonie.com/blog/2017/02/split-tokens-token-based-authentication-protocols-without-side-channels