go-chi / jwtauth

JWT authentication middleware for Go HTTP services
MIT License

Altering Validation Options to jwt.Validate() #59

Open carwyn opened 3 years ago

carwyn commented 3 years ago

The new underlying JWT library supports options for validation via jwt.Validate(t Token, options ...ValidateOption); unfortunately, this isn't exposed in jwtauth.

jwtauth.Verifier(ja *JWTAuth) calls down the verification stack until jwtauth.VerifyToken(ja *JWTAuth, tokenString string), where in the body there is a call to jwt.Validate(t Token, options ...ValidateOption). Unfortunately, I can't see a way to alter these options from the jwtauth API though?

Meanwhile the jwtauth.Authenticator(next http.Handler) example also calls jwt.Validate(...) (i.e. a second call to this function in the request sequence) where obviously it's possible to add the validation options using a custom Authenticator.

Is the expectation that a second call to jwt.Validate(...) with or without options parameters will be needed in any custom Authenticator? It looks like if I could pass the options in, I could avoid calling the function again.

carwyn commented 3 years ago

Should there even be a call to jwt.Validate(...) in jwtauth.VerifyToken(...)? (thinking out loud here)

Without setting parse or verify options, or at least setting one of iat, exp or nbf or a claim passed in via jwtauth.Encode(...), it doesn't look like the call to jwt.Validate(...) in jwtauth.VerifyToken(...) will do anything?

If the user has to set something outside the jwtauth API via jwtauth.Encode(...), does it make more sense for them to also take responsibility for dealing with the jwt.Validate(...)?
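
The behaviour the two comments above discuss, as an added stand-alone example that is not part of the thread and is not jwtauth or the underlying JWT library's code: a validator with the same variadic-option shape accepts a token that carries no time claims unless the caller supplies an option. `Claims`, `WithIssuer`, this `Validate`, and the sample values are hypothetical stand-ins, and the model assumes, as the second comment suggests, that option-less validation only checks time claims that are present.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Claims is a hypothetical, minimal stand-in for a parsed token's registered claims.
type Claims struct {
	Issuer    string
	ExpiresAt time.Time // zero value means the exp claim is absent
	NotBefore time.Time // zero value means the nbf claim is absent
}

// ValidateOption models the variadic options accepted by a Validate call.
type ValidateOption func(Claims) error

// WithIssuer (illustrative name) requires the iss claim to match exactly.
func WithIssuer(want string) ValidateOption {
	return func(c Claims) error {
		if c.Issuer != want {
			return errors.New("iss not satisfied")
		}
		return nil
	}
}

// Validate checks time claims only when they are present, then applies
// whatever options the caller passed. With no options and no time claims
// there is nothing to check, so it returns nil.
func Validate(c Claims, now time.Time, opts ...ValidateOption) error {
	if !c.ExpiresAt.IsZero() && !now.Before(c.ExpiresAt) {
		return errors.New("exp not satisfied")
	}
	if !c.NotBefore.IsZero() && now.Before(c.NotBefore) {
		return errors.New("nbf not satisfied")
	}
	for _, opt := range opts {
		if err := opt(c); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	c := Claims{Issuer: "other-service"} // constructed sample: no exp or nbf
	fmt.Println(Validate(c, time.Now()), Validate(c, time.Now(), WithIssuer("my-service")))
}
```

In this model the first call returns nil and the second returns an error, which is why claim checks such as issuer have to be supplied by whichever layer is able to pass options.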