Support for Placeholder Integration on JWKURL

[Cafeine42]

For #95

Exemple of use case in Caddyfile :

        map {host} {app.jwk_url} {
            demo.localhost {$KEYCLOAK_URL}/realms/demo/protocol/openid-connect/certs
            default {$KEYCLOAK_URL}/realms/test/protocol/openid-connect/certs
        }
        log_append debug {app.jwk_url}
        jwtauth {
            jwk_url {app.jwk_url}
        }

[Cafeine42]

To drop

[ggicci]

Got it. You don't have to change the module path if you do this in Git:

# clone the repo
git clone git@github.com:ggicci/httpin.git

# rename origin to upstream
git remote rename origin upstream

# add your forked repo as the origin remote
git remote add origin git@github.com:Cafeine42/httpin.git

# make some changes to the source code and commit to origin (your own repo) and open PR on GitHub
git add ...
git commit ...
git push origin ...

[Cafeine42]

I have this error when i try to install my version, it's why i changed this line.

RUN apk add --no-cache git &&
xcaddy build
--output /usr/local/bin/frankenphp
...
# Auth module
--with github.com/Cafeine42/caddy-jwt@v0.0.10

11.73 2025/05/27 09:45:51 [INFO] exec (timeout=0s): /usr/local/go/bin/go get -v -ldflags -w -s -extldflags '-Wl,-z,stack-size=0x80000' github.com/Cafeine42/caddy-jwt@v0.0.9 github.com/caddyserver/caddy/v2
15.89 go: downloading github.com/Cafeine42/caddy-jwt v0.0.9
21.22 go: github.com/Cafeine42/caddy-jwt@v0.0.9 found: parsing go.mod:
21.22 module declares its path as: github.com/ggicci/caddy-jwt
21.22 but was required as: github.com/Cafeine42/caddy-jwt
21.22 go: github.com/Cafeine42/caddy-jwt@v0.0.9 requires github.com/Cafeine42/caddy-jwt@v0.0.9: parsing go.mod:
21.22 module declares its path as: github.com/ggicci/caddy-jwt
21.22 but was required as: github.com/Cafeine42/caddy-jwt
21.22 2025/05/27 09:46:00 [FATAL] exit status 1

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 70.51282% with 23 lines in your changes missing coverage. Please review.

Project coverage is 90.09%. Comparing base (a248851) to head (3ce36e8).

Files with missing lines	Patch %	Lines
jwt.go	70.51%	16 Missing and 7 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #96      +/-   ##
==========================================
- Coverage   95.10%   90.09%   -5.01%     
==========================================
  Files           2        2              
  Lines         347      404      +57     
==========================================
+ Hits          330      364      +34     
- Misses         12       28      +16     
- Partials        5       12       +7     

Flag	Coverage Δ
unittests	90.09% <70.51%> (-5.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[ggicci]

Thank you @Cafeine42 very much for the contribution! I will take a look this weekend and aim to merge and release as well.

[ggicci]

Since the keys are populated during requests handling, I believe it should be guarded with a sync.RWMutex to allow concurrent access safely. No?

[ggicci]

Cool, French is beautiful, but let's use English here 😆

[ggicci]

Does it have to be a placeholder URL here? Looks like the wording is a little misleading as both a static JWK URL and a placeholder URL will go this code path.

[ggicci]

Even there're only two lines of code here, I would prefer creating a separate function to get the JWK URL which is bound to the given HTTP request.

[ggicci]

Maybe it's better to merge them as one.

[ggicci]

Nice renaming, thx!

[ggicci]

Also, shall we create a struct type for the caches? I saw it has been used multiple times in the code later.

type jwkCacheEntry struct {
  URL String
  Cache *jwk.Cache
  CachedSet jwk.Set
}

[ggicci]

Please simplify this by using a new type, which was requested in my comments above.

[ggicci]

This block is a repeat of refreshJWKCache(resolvedURL). I can imagine why you didn't call refreshJWKCache here was that it creates recusive calls.

Creating fine grained functions can avoid this. For example:

refreshJWKCache(entry, resolvedURL)

// or even better when we have the new type for the entry
entry.refresh() // entry: of jwkCacheEntry

[ggicci]

Since we want to reuse the refresh logic in getOrCreateJWKCache(), let's don't call getOrCreateJWKCache() here. The function should have less dependencies. I would suggest encapsulating it in a method of the proposed jwkCacheEntry struct above.

[ggicci]

hey @Cafeine42, thanks for the contribution. The code logic looks good to me. I left a bunch of comments there, basically all for code simplifying. Please let me know if you want my help on the update in case you don't have much time.

[Cafeine42]

@ggicci Thanks for the review ! I’ve implemented the suggested changes, they help simplify the code. I wasn’t able to test everything thoroughly on my project though, so let me know if you run into any issues or if there’s anything else to tweak. I might test it more extensively next week.

[ggicci]

LGTM, thx :)

[ggicci]

Too late now, I will merge and add docs and then do the release soon. Again, thanks very much for the feature implementation :)