Commit Graph

445 Commits

Author SHA1 Message Date
Christian Banse bc8bdca5cc
Update SECURITY.md (#416) 2024-11-04 07:57:43 +01:00
kvii 5ec246c074
docs: typo (#407) 2024-09-05 20:39:08 -04:00
Alexander Yastrebov 0123f1ad66
Fix jwt -show (#406) 2024-09-05 20:38:10 -04:00
Michael Fridman f961c72abd
chore: bump ci tests to include go1.23 (#405) 2024-08-16 08:47:03 -04:00
dependabot[bot] 62e504c281
Bump golangci/golangci-lint-action from 5 to 6 (#389)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 5 to 6.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 08:06:47 -04:00
dependabot[bot] 1a56dcf532
Bump golangci/golangci-lint-action from 4 to 5 (#387)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4 to 5.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-29 12:14:30 +02:00
Michael Fridman c8043eab61
build: add go1.22 to ci workflows (#383) 2024-03-15 22:24:06 -04:00
Ashik Paul 7c3f6dc563
Update README.md (#382) 2024-03-15 22:21:28 -04:00
dependabot[bot] 80dccb9209
Bump golangci/golangci-lint-action from 3 to 4 (#379)
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 12:49:14 +01:00
Shinya Sakae 6bcdd9d5b6
Fix error return from HMAC signing method (#371) 2024-01-25 22:10:11 -05:00
Tim Scheuermann 3c0777d0c9
Fixes typo in ecdsa error message (#373) 2024-01-12 19:22:13 +01:00
Håvard Anda Estensen 4d0edcd99c
chore: remove unnecessary conversions from tests (#370) 2023-12-21 13:42:56 -05:00
dependabot[bot] 9980931f80
Bump github/codeql-action from 2 to 3 (#369) 2023-12-19 19:35:01 -05:00
dependabot[bot] 8ab6606c2f
Bump actions/setup-go from 4 to 5 (#365)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-11 11:42:49 +01:00
John Barham b27c88965d
Update MIGRATION_GUIDE.md (#363)
Use correct path for v4 migration
2023-11-24 08:36:09 +01:00
Laurin-Notemann b05644bf94
Improve ErrInvalidKeyType error messages (#361)
* Improve ErrInvalidKeyType error message

* add specific expected type to error message

* fix ErrInvalidKey error to ErrInvalidKeyType in rsa and rsapss

* format

* revert changes from example_test.go remove the comments

* fix: udpate the signing names to uppercase
2023-11-17 19:45:07 +01:00
Christian Banse a49fa5d91d
Exported `NewValidator` (#349)
* Exported `NewValidator`

Previously, we had `newValidator` as a private function. This PR exports this function so that validation can be done independently of parsing the claim.
2023-11-08 14:21:44 +01:00
Craig Pastro c776b83291
Add error handling to examples (#312) 2023-10-09 21:31:36 +02:00
Tarek Sharafi 908d356713
feat: allow making exp claim required (#351) 2023-10-09 19:58:20 +02:00
Mike Fridman 0cb4fa15e3 docs: fix comment in KeyFunc 2023-09-13 09:39:26 -04:00
Ed Pelc c80de55abe
Add explicit ClaimsValidator implementation check for custom claims (#343)
* Add explicit ClaimsValidator implementation check for custom claims

Prevent user from misnaming or fat fingering the Validate() method implementation.

* Update example_test.go

---------

Co-authored-by: Christian Banse <oxisto@aybaze.com>
2023-09-13 15:34:54 +02:00
Michael Fridman 1e76606719
Key rotation with VerificationKeySet (#344) 2023-09-12 21:29:27 -04:00
dependabot[bot] 1691aa9e6f
Bump actions/checkout from 3 to 4 (#346)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-11 12:07:39 +02:00
Michael Fridman 27ff2f3868
Update ci workflows (add go1.21) (#345) 2023-09-09 18:22:02 -04:00
Eduardo Haesbaert 6879d2cf1f
Update ParseUnverified godoc (#341) 2023-08-22 14:26:47 -04:00
Craig Pastro 78e25d6b09
Avoid use of json.NewDecoder (#313)
* Avoid use of json.NewDecoder

Avoid use of json.NewDecoder if not needed.

Resolves #303
2023-08-15 17:06:50 +02:00
Oleksandr Redko 8aa5d6cef8
Refactor to use strings.EqualFold (#329) 2023-08-03 11:27:46 -04:00
Oleksandr Redko fc86f52277
Refactor by removing unnecessary []byte conversion to string (#330) 2023-08-03 11:26:45 -04:00
Dcalsky 8b7470d561
perf: quick way to validate token string (#302) 2023-07-20 21:35:04 +02:00
Oleksandr Redko 873d96d0a0
Refactor code by using switch instead of if-else (#318) 2023-07-18 08:44:48 +02:00
Oleksandr Redko f53600aa9f
Refactor example: use io.ReadAll instead of io.Copy (#320) 2023-07-18 08:42:22 +02:00
Oleksandr Redko b2b650971a
Reformat code: add whitespaces, remove empty lines (#319) 2023-06-21 12:39:55 +02:00
Oleksandr Redko 33d62b4dae
Fix typos in comments and test names (#317) 2023-06-13 15:12:40 +02:00
Christian Banse 0da169122f
Using jwt's native `ErrInvalidType` instead of `json.UnsupportedTypeError` (#316)
Previously, when parsing claim values, we used `json.UnsupportedTypeError` to denote if a claim string value is not of the correct type. However, this could lead to panics if a nil value is present and the `Error` function of the `json.UnsupportedTypeError` is called, which does not check for nil types.

Instead, we just now use `ErrInvalidType` similar to the map claims.

Fixes #315
2023-06-09 14:54:51 +02:00
Tom Anderson 5e00fbc8e7
enable jwt.ParsePublicKeyFromPEM to parse PKCS1 Public Key (#120) 2023-04-17 18:59:03 +02:00
Christian Banse 6c9126f9c6
Last Documentation cleanups for `v5` release (#291)
* Updated MIGRATION_GUIDE.md after changes to Token and Parser

* Updated doc

* Cleanup of README and refer to project page

* Update MIGRATION_GUIDE.md

Co-authored-by: Michael Fridman <mf192@icloud.com>

* Wrapping markdown files at 80

---------

Co-authored-by: Michael Fridman <mf192@icloud.com>
2023-04-10 10:33:52 +02:00
Christian Banse 5ea71e36a0
Added coverage reporting (#304)
Co-authored-by: Michael Fridman <mf192@icloud.com>
2023-04-10 10:23:00 +02:00
dependabot[bot] b88a60f2d7
Bump actions/setup-go from 3 to 4 (#300)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-31 13:29:59 +02:00
dependabot[bot] 7342a71265
Bump actions/checkout from 2 to 3 (#299)
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-31 13:29:34 +02:00
Christian Banse 8cde7faf81
Added dependabot updates for GitHub actions (#298) 2023-03-31 13:26:46 +02:00
Michael Fridman 15f96b0627
Add golangci-lint (#279)
* Add golangci-lint-action

* Upgrading CodeQL to v2

* Fixed linting errors

---------

Co-authored-by: Christian Banse <oxisto@aybaze.com>
2023-03-31 13:20:59 +02:00
dillonstreator 843e9bfe4d
add documentation to hmac `Verify` & `Sign` to detail why string is not an advisable input for key (#249)
* add documentation around Verify & Sign to detail why string is not an advisable input for key

* Refer to the usage guide

---------

Co-authored-by: Dillon Streator <dillonstreator@Dillons-2nd-MacBook-Pro.local>
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2023-03-31 13:19:48 +02:00
Christian Banse 1c4047f488
Adjusting the error checking example (#270)
This PR adjusts the error checking example so that a check for an invalid signature is also included.

See discussion in #143
2023-03-24 23:11:38 +01:00
Christian Banse b357385d3e
Moving `DecodeSegement` to `Parser` (#278)
* Moving `DecodeSegement` to `Parser`

This would allow us to remove some global variables and move them to parser options as well as potentially introduce interfaces for json and b64 encoding/decoding to replace the std lib, if someone wanted to do that for performance reasons.

We keep the functions exported because of explicit user demand.

* Sign/Verify does take the decoded form now
2023-03-24 19:13:09 +01:00
Liam Newman c6ec5a22b4
Update MIGRATION_GUIDE.md (#289)
* Update MIGRATION_GUIDE.md

Saw one typo, spent a few minutes improving a few paragraphs.
2023-03-24 19:10:52 +01:00
Mones Zarrugh 0d2f0d4809
remove string slice and strings.join (#115) 2023-02-21 21:28:00 -05:00
Christian Banse 148d710109
`v5` Pre-Release (#234)
Co-authored-by: Micah Parks <66095735+MicahParks@users.noreply.github.com>
Co-authored-by: Michael Fridman <mf192@icloud.com>
2023-02-21 14:32:25 +01:00
Christian Banse 4fd5621d8d
Added GitHub Actions Markdown (#260) 2023-02-19 14:01:18 +01:00
Alexander Yastrebov 9358574a7a
Allow strict base64 decoding (#259)
By default base64 decoder works in non-strict mode which
allows tweaking signatures having padding without failing validation.

This creates a potential problem if application treats token value as an identifier.

For example ES256 signature has length of 64 bytes and two padding symbols (stripped by default).
Therefore its base64-encoded value can only end with A, Q, g and w.
In non-strict mode last symbol could be tweaked resulting in 16 distinct
token values having the same signature and passing validation.

This change adds backward-compatible global config variable DecodeStrict
(similar to existing DecodePaddingAllowed) that enables strict base64 decoder mode.

See also https://github.com/golang/go/issues/15656.

Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
2022-12-09 18:04:03 +01:00
Christian Banse 2f0984a28b
Using `tparse` for nicer CI test display (#251) 2022-11-29 10:00:41 -05:00