2016-04-12 23:18:31 +03:00
|
|
|
package jwt_test
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
2022-05-28 02:11:16 +03:00
|
|
|
"os"
|
2016-04-12 23:18:31 +03:00
|
|
|
"time"
|
2021-05-29 04:26:41 +03:00
|
|
|
|
2021-08-03 16:51:01 +03:00
|
|
|
"github.com/golang-jwt/jwt/v4"
|
2016-04-12 23:18:31 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
// For HMAC signing method, the key can be any []byte. It is recommended to generate
|
|
|
|
// a key using crypto/rand or something equivalent. You need the same key for signing
|
|
|
|
// and validating.
|
|
|
|
var hmacSampleSecret []byte
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
// Load sample key data
|
2022-05-28 02:11:16 +03:00
|
|
|
if keyData, e := os.ReadFile("test/hmacTestKey"); e == nil {
|
2016-04-12 23:18:31 +03:00
|
|
|
hmacSampleSecret = keyData
|
|
|
|
} else {
|
|
|
|
panic(e)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Example creating, signing, and encoding a JWT token using the HMAC signing method
|
|
|
|
func ExampleNew_hmac() {
|
|
|
|
// Create a new token object, specifying signing method and the claims
|
|
|
|
// you would like it to contain.
|
|
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
|
|
|
"foo": "bar",
|
|
|
|
"nbf": time.Date(2015, 10, 10, 12, 0, 0, 0, time.UTC).Unix(),
|
|
|
|
})
|
|
|
|
|
|
|
|
// Sign and get the complete encoded token as a string using the secret
|
|
|
|
tokenString, err := token.SignedString(hmacSampleSecret)
|
|
|
|
|
|
|
|
fmt.Println(tokenString, err)
|
|
|
|
// Output: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYmYiOjE0NDQ0Nzg0MDB9.u1riaD1rW97opCoAuRCTy4w58Br-Zk-bh7vLiRIsrpU <nil>
|
|
|
|
}
|
|
|
|
|
|
|
|
// Example parsing and validating a token using the HMAC signing method
|
|
|
|
func ExampleParse_hmac() {
|
|
|
|
// sample token string taken from the New example
|
|
|
|
tokenString := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYmYiOjE0NDQ0Nzg0MDB9.u1riaD1rW97opCoAuRCTy4w58Br-Zk-bh7vLiRIsrpU"
|
|
|
|
|
|
|
|
// Parse takes the token string and a function for looking up the key. The latter is especially
|
|
|
|
// useful if you use multiple keys for your application. The standard is to use 'kid' in the
|
|
|
|
// head of the token to identify which key to use, but the parsed token (head and claims) is provided
|
|
|
|
// to the callback, providing flexibility.
|
|
|
|
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
|
|
|
// Don't forget to validate the alg is what you expect:
|
|
|
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
|
|
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
|
|
|
}
|
2021-05-29 04:26:41 +03:00
|
|
|
|
2017-01-04 14:40:11 +03:00
|
|
|
// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
|
2016-04-12 23:18:31 +03:00
|
|
|
return hmacSampleSecret, nil
|
|
|
|
})
|
|
|
|
|
2016-04-13 00:31:41 +03:00
|
|
|
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
|
|
|
|
fmt.Println(claims["foo"], claims["nbf"])
|
2016-04-12 23:18:31 +03:00
|
|
|
} else {
|
|
|
|
fmt.Println(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Output: bar 1.4444784e+09
|
|
|
|
}
|