2014-12-28 23:24:54 +03:00
|
|
|
package jwt_test
|
|
|
|
|
|
|
|
import (
|
2022-01-20 00:55:19 +03:00
|
|
|
"errors"
|
2014-12-28 23:24:54 +03:00
|
|
|
"fmt"
|
2023-10-09 22:31:36 +03:00
|
|
|
"log"
|
2016-04-12 23:33:20 +03:00
|
|
|
"time"
|
2021-05-29 04:26:41 +03:00
|
|
|
|
2023-02-21 16:32:25 +03:00
|
|
|
"github.com/golang-jwt/jwt/v5"
|
2014-12-28 23:24:54 +03:00
|
|
|
)
|
|
|
|
|
2021-08-22 20:23:13 +03:00
|
|
|
// Example (atypical) using the RegisteredClaims type by itself to parse a token.
|
|
|
|
// The RegisteredClaims type is designed to be embedded into your custom types
|
2016-04-12 23:18:31 +03:00
|
|
|
// to provide standard validation features. You can use it alone, but there's
|
|
|
|
// no way to retrieve other fields after parsing.
|
|
|
|
// See the CustomClaimsType example for intended usage.
|
2021-08-22 20:23:13 +03:00
|
|
|
func ExampleNewWithClaims_registeredClaims() {
|
2015-08-18 23:28:52 +03:00
|
|
|
mySigningKey := []byte("AllYourBase")
|
|
|
|
|
2015-07-20 19:20:18 +03:00
|
|
|
// Create the Claims
|
2021-08-22 20:23:13 +03:00
|
|
|
claims := &jwt.RegisteredClaims{
|
|
|
|
ExpiresAt: jwt.NewNumericDate(time.Unix(1516239022, 0)),
|
2015-07-20 19:20:18 +03:00
|
|
|
Issuer: "test",
|
|
|
|
}
|
|
|
|
|
2015-08-18 23:28:52 +03:00
|
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
|
|
|
ss, err := token.SignedString(mySigningKey)
|
2023-10-09 22:31:36 +03:00
|
|
|
fmt.Println(ss, err)
|
2023-06-21 13:39:55 +03:00
|
|
|
// Output: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0ZXN0IiwiZXhwIjoxNTE2MjM5MDIyfQ.0XN_1Tpp9FszFOonIBpwha0c_SfnNI22DhTnjMshPg8 <nil>
|
2015-08-18 23:28:52 +03:00
|
|
|
}
|
|
|
|
|
2021-08-22 20:23:13 +03:00
|
|
|
// Example creating a token using a custom claims type. The RegisteredClaims is embedded
|
|
|
|
// in the custom type to allow for easy encoding, parsing and validation of registered claims.
|
2016-04-12 23:18:31 +03:00
|
|
|
func ExampleNewWithClaims_customClaimsType() {
|
2015-08-18 23:28:52 +03:00
|
|
|
mySigningKey := []byte("AllYourBase")
|
|
|
|
|
|
|
|
type MyCustomClaims struct {
|
|
|
|
Foo string `json:"foo"`
|
2021-08-22 20:23:13 +03:00
|
|
|
jwt.RegisteredClaims
|
2015-08-18 23:28:52 +03:00
|
|
|
}
|
|
|
|
|
2023-03-31 14:20:59 +03:00
|
|
|
// Create claims with multiple fields populated
|
2015-08-18 23:28:52 +03:00
|
|
|
claims := MyCustomClaims{
|
|
|
|
"bar",
|
2021-08-22 20:23:13 +03:00
|
|
|
jwt.RegisteredClaims{
|
|
|
|
// A usual scenario is to set the expiration time relative to the current time
|
|
|
|
ExpiresAt: jwt.NewNumericDate(time.Now().Add(24 * time.Hour)),
|
|
|
|
IssuedAt: jwt.NewNumericDate(time.Now()),
|
|
|
|
NotBefore: jwt.NewNumericDate(time.Now()),
|
|
|
|
Issuer: "test",
|
|
|
|
Subject: "somebody",
|
|
|
|
ID: "1",
|
2024-07-30 13:54:03 +03:00
|
|
|
Audience: jwt.NewClaimStrings([]string{"somebody_else"}),
|
2021-08-22 20:23:13 +03:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2023-03-31 14:20:59 +03:00
|
|
|
fmt.Printf("foo: %v\n", claims.Foo)
|
|
|
|
|
2021-08-22 20:23:13 +03:00
|
|
|
// Create claims while leaving out some of the optional fields
|
|
|
|
claims = MyCustomClaims{
|
|
|
|
"bar",
|
|
|
|
jwt.RegisteredClaims{
|
|
|
|
// Also fixed dates can be used for the NumericDate
|
|
|
|
ExpiresAt: jwt.NewNumericDate(time.Unix(1516239022, 0)),
|
2015-08-18 23:28:52 +03:00
|
|
|
Issuer: "test",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
|
|
|
ss, err := token.SignedString(mySigningKey)
|
2023-10-09 22:31:36 +03:00
|
|
|
fmt.Println(ss, err)
|
2021-08-22 20:23:13 +03:00
|
|
|
|
2023-06-21 13:39:55 +03:00
|
|
|
// Output: foo: bar
|
|
|
|
// eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpc3MiOiJ0ZXN0IiwiZXhwIjoxNTE2MjM5MDIyfQ.xVuY2FZ_MRXMIEgVQ7J-TFtaucVFRXUzHm9LmV41goM <nil>
|
2015-07-20 19:20:18 +03:00
|
|
|
}
|
|
|
|
|
2023-02-21 16:32:25 +03:00
|
|
|
// Example creating a token using a custom claims type. The RegisteredClaims is embedded
|
2016-04-12 23:33:20 +03:00
|
|
|
// in the custom type to allow for easy encoding, parsing and validation of standard claims.
|
|
|
|
func ExampleParseWithClaims_customClaimsType() {
|
2021-08-22 20:23:13 +03:00
|
|
|
tokenString := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpc3MiOiJ0ZXN0IiwiYXVkIjoic2luZ2xlIn0.QAWg1vGvnqRuCFTMcPkjZljXHh8U3L_qUjszOtQbeaA"
|
2016-04-12 23:33:20 +03:00
|
|
|
|
|
|
|
type MyCustomClaims struct {
|
|
|
|
Foo string `json:"foo"`
|
2021-08-22 20:23:13 +03:00
|
|
|
jwt.RegisteredClaims
|
2016-04-12 23:33:20 +03:00
|
|
|
}
|
|
|
|
|
2021-08-22 20:23:13 +03:00
|
|
|
token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) {
|
|
|
|
return []byte("AllYourBase"), nil
|
2016-04-12 23:33:20 +03:00
|
|
|
})
|
2023-10-09 22:31:36 +03:00
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
} else if claims, ok := token.Claims.(*MyCustomClaims); ok {
|
|
|
|
fmt.Println(claims.Foo, claims.RegisteredClaims.Issuer)
|
2021-08-22 20:23:13 +03:00
|
|
|
} else {
|
2023-10-09 22:31:36 +03:00
|
|
|
log.Fatal("unknown claims type, cannot proceed")
|
2016-04-12 23:33:20 +03:00
|
|
|
}
|
2021-08-22 20:23:13 +03:00
|
|
|
|
|
|
|
// Output: bar test
|
2016-04-12 23:33:20 +03:00
|
|
|
}
|
|
|
|
|
2023-02-21 16:32:25 +03:00
|
|
|
// Example creating a token using a custom claims type and validation options. The RegisteredClaims is embedded
|
|
|
|
// in the custom type to allow for easy encoding, parsing and validation of standard claims.
|
|
|
|
func ExampleParseWithClaims_validationOptions() {
|
|
|
|
tokenString := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpc3MiOiJ0ZXN0IiwiYXVkIjoic2luZ2xlIn0.QAWg1vGvnqRuCFTMcPkjZljXHh8U3L_qUjszOtQbeaA"
|
|
|
|
|
|
|
|
type MyCustomClaims struct {
|
|
|
|
Foo string `json:"foo"`
|
|
|
|
jwt.RegisteredClaims
|
|
|
|
}
|
|
|
|
|
|
|
|
token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) {
|
|
|
|
return []byte("AllYourBase"), nil
|
|
|
|
}, jwt.WithLeeway(5*time.Second))
|
2023-10-09 22:31:36 +03:00
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
} else if claims, ok := token.Claims.(*MyCustomClaims); ok {
|
|
|
|
fmt.Println(claims.Foo, claims.RegisteredClaims.Issuer)
|
2023-02-21 16:32:25 +03:00
|
|
|
} else {
|
2023-10-09 22:31:36 +03:00
|
|
|
log.Fatal("unknown claims type, cannot proceed")
|
2023-02-21 16:32:25 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// Output: bar test
|
|
|
|
}
|
|
|
|
|
|
|
|
type MyCustomClaims struct {
|
|
|
|
Foo string `json:"foo"`
|
|
|
|
jwt.RegisteredClaims
|
|
|
|
}
|
|
|
|
|
2023-09-13 16:34:54 +03:00
|
|
|
// Ensure we implement [jwt.ClaimsValidator] at compile time so we know our custom Validate method is used.
|
|
|
|
var _ jwt.ClaimsValidator = (*MyCustomClaims)(nil)
|
|
|
|
|
2023-02-21 16:32:25 +03:00
|
|
|
// Validate can be used to execute additional application-specific claims
|
|
|
|
// validation.
|
|
|
|
func (m MyCustomClaims) Validate() error {
|
|
|
|
if m.Foo != "bar" {
|
|
|
|
return errors.New("must be foobar")
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Example creating a token using a custom claims type and validation options.
|
|
|
|
// The RegisteredClaims is embedded in the custom type to allow for easy
|
|
|
|
// encoding, parsing and validation of standard claims and the function
|
|
|
|
// CustomValidation is implemented.
|
|
|
|
func ExampleParseWithClaims_customValidation() {
|
|
|
|
tokenString := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJpc3MiOiJ0ZXN0IiwiYXVkIjoic2luZ2xlIn0.QAWg1vGvnqRuCFTMcPkjZljXHh8U3L_qUjszOtQbeaA"
|
|
|
|
|
|
|
|
token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) {
|
|
|
|
return []byte("AllYourBase"), nil
|
|
|
|
}, jwt.WithLeeway(5*time.Second))
|
2023-10-09 22:31:36 +03:00
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
} else if claims, ok := token.Claims.(*MyCustomClaims); ok {
|
|
|
|
fmt.Println(claims.Foo, claims.RegisteredClaims.Issuer)
|
2023-02-21 16:32:25 +03:00
|
|
|
} else {
|
2023-10-09 22:31:36 +03:00
|
|
|
log.Fatal("unknown claims type, cannot proceed")
|
2023-02-21 16:32:25 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// Output: bar test
|
|
|
|
}
|
|
|
|
|
|
|
|
// An example of parsing the error types using errors.Is.
|
2016-04-12 23:18:31 +03:00
|
|
|
func ExampleParse_errorChecking() {
|
|
|
|
// Token from another example. This token is expired
|
|
|
|
var tokenString = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJleHAiOjE1MDAwLCJpc3MiOiJ0ZXN0In0.HE7fK0xOQwFEr4WDgRWj4teRPZ6i3GLwD5YCm6Pwu_c"
|
|
|
|
|
|
|
|
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
|
|
|
return []byte("AllYourBase"), nil
|
2014-12-28 23:44:46 +03:00
|
|
|
})
|
|
|
|
|
2023-07-18 09:44:48 +03:00
|
|
|
switch {
|
|
|
|
case token.Valid:
|
2014-12-28 23:44:46 +03:00
|
|
|
fmt.Println("You look nice today")
|
2023-07-18 09:44:48 +03:00
|
|
|
case errors.Is(err, jwt.ErrTokenMalformed):
|
2022-01-20 00:55:19 +03:00
|
|
|
fmt.Println("That's not even a token")
|
2023-07-18 09:44:48 +03:00
|
|
|
case errors.Is(err, jwt.ErrTokenSignatureInvalid):
|
2023-03-25 01:11:38 +03:00
|
|
|
// Invalid signature
|
|
|
|
fmt.Println("Invalid signature")
|
2023-07-18 09:44:48 +03:00
|
|
|
case errors.Is(err, jwt.ErrTokenExpired) || errors.Is(err, jwt.ErrTokenNotValidYet):
|
2022-01-20 00:55:19 +03:00
|
|
|
// Token is either expired or not active yet
|
|
|
|
fmt.Println("Timing is everything")
|
2023-07-18 09:44:48 +03:00
|
|
|
default:
|
2014-12-28 23:44:46 +03:00
|
|
|
fmt.Println("Couldn't handle this token:", err)
|
|
|
|
}
|
|
|
|
|
2016-04-12 23:18:31 +03:00
|
|
|
// Output: Timing is everything
|
2014-12-28 23:44:46 +03:00
|
|
|
}
|