[auth/jwt] error handling

[sagikazarmark]

Asked this question on Slack some time ago:

How do you all use the JWT middleware to return proper status codes to the user?

I don't want JWT errors to show up in the server error logs (since they are client errors), so for now I added another endpoint middleware in front of it which converts returned errors to endpoint.Failer instances and returns them as endpoint responses instead of errors.

This also means that I can't use the ServerErrorEncoder to encode these errors. Error encoding is now part of the response encoding, which is also not ideal (I have to add error encoding to all response encoders).

One alternative solution I see is implementing some sort of "filtering" in the ServerErrorHandler to skip client (4xx) errors, like invalid token errors.

I would love to hear other opinions. I also noticed that while the basic auth returns a common error type, jwt auth does not. Is that on purpose?

I just wanted to open an issue for it so that it can serve as a base for future discussions about error handling in go-kit.