From 3a4075131427dc307a87968c0a14d14afaf587d0 Mon Sep 17 00:00:00 2001
From: Bastiaan Bakker <bbakker@xebia.com>
Date: Fri, 27 Nov 2015 17:23:15 +0100
Subject: [PATCH] auth(): separate retrieval of bearer token from verification,
 so we can verify tokens not located in the Authorization header.

---
 nginx-jwt.lua | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nginx-jwt.lua b/nginx-jwt.lua
index 482765a..884aa0d 100644
--- a/nginx-jwt.lua
+++ b/nginx-jwt.lua
@@ -35,7 +35,10 @@ function M.auth(claim_specs)
 
     -- require Bearer token
     local _, _, token = string.find(auth_header, "Bearer%s+(.+)")
+    return M.auth_token(token, claim_specs)
+end
 
+function M.auth_token(token, claim_specs)
     if token == nil then
         ngx.log(ngx.WARN, "Missing token")
         ngx.exit(ngx.HTTP_UNAUTHORIZED)