StoreToken introduced + a token is written to request.Env to be able …#10

Open
ruseinov wants to merge 5 commits into StephanDollberg:master from ruseinov:master

@ruseinov

…to use it in the Authorizator

I'd needed that hook to support checking these tokens against Redis or any other storage.
If you find that viable for your product - feel free to merge. In my opinion an extra hook does not hurt.
That's what I've been missing in a lot of middlewares, yours is almost perfect for my needs.

@StephanDollberg
Owner

Hi @ruseinov,

Thanks for your PR.

I am not really sure whether this is in the scope of this middleware and makes sense in general. Could you maybe share what your use cases for this are?

Cheers,
Stephan

@Stunkymonkey

Hi @StephanDollberg,

I am missing this feature too.
In this case you can not really log out of your site. If someone else has stolen your JWT, he will still be able to log in without any problems. The only "logout" would be that the token expires.

The solution would be to store the JWT in a database and, if a user is logging out, delete the entry (still check if the token is valid).

In this case you will never be able to store the JWT anywhere. That's why he wants the feature.

Greetings,
Stunkymonkey
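
The approach described in the comment above (keep issued tokens in a store, delete the entry on logout, still validate the token), as an added Go example that is not part of this PR or of the middleware's code. `TokenStore`, `Sign`, `Authorize` and `hs256` are hypothetical names, the in-memory map stands in for Redis or a database, and expiry checking is assumed to stay with the middleware's normal JWT validation.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
	"sync"
)

// TokenStore (hypothetical) allowlists issued tokens by SHA-256, so raw bearer tokens are not kept.
type TokenStore struct{ live sync.Map }
func (s *TokenStore) Add(tok string) { s.live.Store(sha256.Sum256([]byte(tok)), true) }
func (s *TokenStore) Revoke(tok string) { s.live.Delete(sha256.Sum256([]byte(tok))) }

func hs256(msg string, key []byte) string { // base64url HMAC-SHA256 of the signing input
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// Sign builds a compact HS256 token around a constructed claims payload.
func Sign(claims string, key []byte) string {
	enc := base64.RawURLEncoding
	msg := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc.EncodeToString([]byte(claims))
	return msg + "." + hs256(msg, key)
}

// Authorize verifies the signature first, then requires a live entry in the store.
func Authorize(tok string, key []byte, s *TokenStore) error {
	i := strings.LastIndex(tok, ".")
	if i < 0 || !hmac.Equal([]byte(tok[i+1:]), []byte(hs256(tok[:i], key))) {
		return errors.New("invalid signature")
	}
	if _, ok := s.live.Load(sha256.Sum256([]byte(tok))); !ok {
		return errors.New("token revoked or never issued")
	}
	return nil
}

func main() {
	key, store := []byte("constructed-demo-key"), &TokenStore{}
	tok := Sign(`{"id":"alice"}`, key) // constructed sample claims
	store.Add(tok)                     // login: record the issued token
	fmt.Println("after login: ", Authorize(tok, key, store))
	store.Revoke(tok) // logout: delete the entry
	fmt.Println("after logout:", Authorize(tok, key, store))
}
```

A correctly signed, unexpired token is rejected once its entry is deleted, which is the server-side logout the stateless check alone cannot provide.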

@ruseinov
Author

Hello @StephanDollberg,

What @Stunkymonkey said, basically.

Best,
Roman
