Add JWT token option to S2SClient (#50)

* Add JWT token option to S2SClient

* Add clarification to S2SClient function documentation regarding JWT token creation

* Add clarification to S2SClient function documentation regarding JWTToken precedence

* Use transport.SetHeader() for the static JWT token

---------

Co-authored-by: Vojtech Vitek <[email protected]>

Author: klaidliadon

go.mod

@@ -9,7 +9,10 @@ require (
 	github.com/go-chi/metrics v0.1.0
 	github.com/go-chi/traceid v0.2.0
 	github.com/go-chi/transport v0.4.0
+	github.com/goware/base64 v0.1.0
+	github.com/jxskiss/base62 v1.1.0
 	github.com/lestrrat-go/jwx/v2 v2.1.3
+	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
 )
 
@@ -20,9 +23,7 @@ require (
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/goware/base64 v0.1.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/jxskiss/base62 v1.1.0 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
@@ -37,7 +38,6 @@ require (
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
-	github.com/spf13/cobra v1.9.1 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
 	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect

s2s.go

@@ -14,13 +14,21 @@ import (
 )
 
 type S2SClientConfig struct {
-	Service       string
-	JWTSecret     string
-	AccessKey     string
+	// JWTToken is the static JWT token used for authentication.
+	JWTToken string
+	// JWTSecret is the secret key used to dynamically create JWT BEARER token for authorization.
+	JWTSecret string
+	// Service is used in the service claim of the JWT token.
+	Service string
+	// AccessKey is an optional access key used for authentication.
+	AccessKey string
+	// DebugRequests enables logging of HTTP requests.
 	DebugRequests bool
 }
 
 // Service-to-service HTTP client for internal communication between Sequence services.
+// If JWTSecret is provided, it will create a HS256 JWT token with the service name in the claims.
+// If both JWTSecret and JWTToken are provided, JWTToken will take precedence.
 func S2SClient(cfg *S2SClientConfig) *http.Client {
 	serviceName := cmp.Or(cfg.Service, filepath.Base(os.Args[0]))
 
@@ -33,6 +41,9 @@ func S2SClient(cfg *S2SClientConfig) *http.Client {
 					return "BEARER " + S2SToken(cfg.JWTSecret, map[string]any{"service": serviceName})
 				}),
 			),
+			transport.If(cfg.JWTToken != "",
+				transport.SetHeader("Authorization", "BEARER "+cfg.JWTToken),
+			),
 			transport.If(cfg.AccessKey != "",
 				transport.SetHeader("X-Access-Key", cfg.AccessKey),
 			),