Code Room
Code review | Medium | cr-g575
Subject: JWT auth vulnerability | Level: Mid–Senior | ~22 min | Common in Security interviews | Industries: Software development, Technology

Question

Review this Go API-gateway auth check.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (Go)

```go
func userFromToken(r *http.Request) (string, error) {
    raw := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
    parser := jwt.NewParser()
    claims := jwt.MapClaims{}
    _, _, err := parser.ParseUnverified(raw, claims)
    if err != nil {
        return "", err
    }
    return claims["sub"].(string), nil
}
```
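For comparison with the snippet under review, here is an added example (not part of the original page, and written against the Go standard library rather than the snippet's jwt package). `ParseUnverified`, as its name says, decodes claims without checking the signature, so this counterpart verifies an HMAC-SHA256 tag before it reads `sub`. The HS256 shared key, the names `userFromTokenVerified`, `tag` and `token`, and the sample values are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"strings"
	"time"
)

var errAuth, b64 = errors.New("invalid bearer token"), base64.RawURLEncoding

func tag(key []byte, in string) []byte { // HMAC-SHA256 over "header.payload"
	m := hmac.New(sha256.New, key)
	m.Write([]byte(in))
	return m.Sum(nil)
}

// userFromTokenVerified (hypothetical name) assumes HS256 with a shared key.
func userFromTokenVerified(r *http.Request, key []byte, now time.Time) (string, error) {
	h := r.Header.Get("Authorization")
	p := strings.Split(strings.TrimPrefix(h, "Bearer "), ".")
	if !strings.HasPrefix(h, "Bearer ") || len(p) != 3 {
		return "", errAuth // require the scheme and exactly three segments
	}
	sig, err := b64.DecodeString(p[2])
	if err != nil || !hmac.Equal(sig, tag(key, p[0]+"."+p[1])) {
		return "", errAuth // algorithm is fixed in code; verify before reading any claim
	}
	var c struct{ Sub string `json:"sub"`; Exp float64 `json:"exp"` }
	body, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(body, &c) != nil || c.Sub == "" || float64(now.Unix()) >= c.Exp {
		return "", errAuth // sub must be a non-empty string, exp must lie in the future
	}
	return c.Sub, nil
}

func token(key []byte, payload string) string { // builds constructed sample tokens
	in := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString([]byte(payload))
	return in + "." + b64.EncodeToString(tag(key, in))
}

func main() { // demo with a constructed token, key and clock
	r := &http.Request{Header: http.Header{"Authorization": {"Bearer " + token([]byte("demo"), `{"sub":"alice","exp":2e9}`)}}}
	fmt.Println(userFromTokenVerified(r, []byte("demo"), time.Unix(1700000000, 0)))
}
```

A missing or non-string `sub` fails JSON decoding into the typed struct and returns an error, where the unchecked `claims["sub"].(string)` assertion in the reviewed code would panic.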