feat(jwk): Add headerName to jwk middleware

Author: JoaquinGimenez1

src/middleware/jwk/index.test.ts

@@ -434,6 +434,57 @@ describe('JWK', () => {
     })
   })
 
+  describe('Credentials in custom header', () => {
+    let handlerExecuted: boolean
+
+    beforeEach(() => {
+      handlerExecuted = false
+    })
+
+    const app = new Hono()
+
+    app.use('/auth-with-keys/*', jwk({ keys: verify_keys, headerName: 'x-custom-auth-header' }))
+
+    app.get('/auth-with-keys/*', (c) => {
+      handlerExecuted = true
+      const payload = c.get('jwtPayload')
+      return c.json(payload)
+    })
+
+    it('Should not authorize', async () => {
+      const req = new Request('http://localhost/auth-with-keys/a')
+      const res = await app.request(req)
+      expect(res).not.toBeNull()
+      expect(res.status).toBe(401)
+      expect(await res.text()).toBe('Unauthorized')
+      expect(handlerExecuted).toBeFalsy()
+    })
+
+    it('Should not authorize even if default authorization header present', async () => {
+      const credential = await Jwt.sign({ message: 'hello world' }, test_keys.private_keys[0])
+
+      const req = new Request('http://localhost/auth-with-keys/a')
+      req.headers.set('Authorization', `Bearer ${credential}`)
+      const res = await app.request(req)
+      expect(res).not.toBeNull()
+      expect(res.status).toBe(401)
+      expect(await res.text()).toBe('Unauthorized')
+      expect(handlerExecuted).toBeFalsy()
+    })
+
+    it('Should authorize', async () => {
+      const credential = await Jwt.sign({ message: 'hello world' }, test_keys.private_keys[1])
+
+      const req = new Request('http://localhost/auth-with-keys/a')
+      req.headers.set('x-custom-auth-header', `Bearer ${credential}`)
+      const res = await app.request(req)
+      expect(res).not.toBeNull()
+      expect(res.status).toBe(200)
+      expect(await res.json()).toEqual({ message: 'hello world' })
+      expect(handlerExecuted).toBeTruthy()
+    })
+  })
+
   describe('Credentials in cookie', () => {
     let handlerExecuted: boolean
 

src/middleware/jwk/jwk.ts

@@ -22,14 +22,18 @@ import type { HonoJsonWebKey } from '../../utils/jwt/jws'
  * @param {string | ((ctx: Context) => Promise<string> | string)} [options.jwks_uri] - If set to a URI string or a function that returns a URI string, attempt to fetch JWKs from it. The response must be a JSON object containing a `keys` array, which will be merged with the `keys` option.
  * @param {boolean} [options.allow_anon] - If set to `true`, the middleware allows requests without a token to proceed without authentication.
  * @param {string} [options.cookie] - If set, the middleware attempts to retrieve the token from a cookie with these options (optionally signed) only if no token is found in the header.
+ * @param {string} [options.headerName='Authorization'] - The name of the header to look for the JWT token. Default is 'Authorization'.
  * @param {RequestInit} [init] - Optional init options for the `fetch` request when retrieving JWKS from a URI.
  * @returns {MiddlewareHandler} The middleware handler function.
  *
  * @example
  * ```ts
  * const app = new Hono()
  *
- * app.use("/auth/*", jwk({ jwks_uri: (c) => `https://${c.env.authServer}/.well-known/jwks.json` }))
+ * app.use("/auth/*", jwk({
+ *   jwks_uri: (c) => `https://${c.env.authServer}/.well-known/jwks.json`,
+ *   headerName: 'x-custom-auth-header', // Optional, default is 'Authorization'
+ * }))
  *
  * app.get('/auth/page', (c) => {
  *   return c.text('You are authorized')
@@ -45,6 +49,7 @@ export const jwk = (
     cookie?:
       | string
       | { key: string; secret?: string | BufferSource; prefixOptions?: CookiePrefixOptions }
+    headerName?: string
   },
   init?: RequestInit
 ): MiddlewareHandler => {
@@ -57,7 +62,9 @@ export const jwk = (
   }
 
   return async function jwk(ctx, next) {
-    const credentials = ctx.req.raw.headers.get('Authorization')
+    const headerName = options.headerName || 'Authorization'
+
+    const credentials = ctx.req.raw.headers.get(headerName)
     let token
     if (credentials) {
       const parts = credentials.split(/\s+/)