minor

_examples/auth/jwt/tutorial/README.md

@@ -0,0 +1,50 @@
+# Iris JWT Tutorial
+
+```sh
+$ go run main.go
+```
+
+```sh
+$ curl --location --request POST 'http://localhost:8080/signin' \
+--header 'Content-Type: application/x-www-form-urlencoded' \
+--data-urlencode 'username=admin' \
+--data-urlencode 'password=admin'
+
+> $token
+```
+
+```sh
+$ curl --location --request GET 'http://localhost:8080/todos' \
+--header 'Authorization: Bearer $token'
+
+> $todos
+```
+
+```sh
+$ curl --location --request GET 'http://localhost:8080/todos/$id' \
+--header 'Authorization: Bearer $token'
+
+> $todo
+```
+
+```sh
+$ curl --location --request GET 'http://localhost:8080/admin/todos' \
+--header 'Authorization: Bearer $token'
+
+> $todos
+```
+
+```sh
+$ curl --location --request POST 'http://localhost:8080/todos' \
+--header 'Authorization: Bearer $token' \
+--header 'Content-Type: application/json' \
+--data-raw '{
+    "title": "test titlte",
+    "body": "test body"
+}'
+
+> Status Created
+> $todo
+```
+
+TODO: write the article on https://medium.com/@kataras, https://dev.to/kataras and linkedin first.

_examples/auth/jwt/tutorial/api/auth.go

@@ -113,10 +113,8 @@ func SignIn(repo repository.UserRepository) iris.Handler {
 }
 
 // SignOut invalidates a user from server-side using the jwt Blocklist.
-// It's not used as we don't attach a blocklist, the user can be logged out from our client
-// and we don't use access token so we don't actually need this in this example.
 func SignOut(ctx iris.Context) {
-	ctx.Logout()
+	ctx.Logout() // this is automatically binded to a function which invalidates the current request token by the JWT Verifier above.
 }
 
 // GetClaims returns the current authorized client claims.