1e76606719
Key rotation with VerificationKeySet ( #344 )
2023-09-12 21:29:27 -04:00
1691aa9e6f
Bump actions/checkout from 3 to 4 ( #346 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-11 12:07:39 +02:00
27ff2f3868
Update ci workflows (add go1.21) ( #345 )
2023-09-09 18:22:02 -04:00
6879d2cf1f
Update ParseUnverified godoc ( #341 )
2023-08-22 14:26:47 -04:00
78e25d6b09
Avoid use of json.NewDecoder ( #313 )
...
* Avoid use of json.NewDecoder
Avoid use of json.NewDecoder if not needed.
Resolves #303
2023-08-15 17:06:50 +02:00
8aa5d6cef8
Refactor to use strings.EqualFold ( #329 )
2023-08-03 11:27:46 -04:00
fc86f52277
Refactor by removing unnecessary []byte conversion to string ( #330 )
2023-08-03 11:26:45 -04:00
8b7470d561
perf: quick way to validate token string ( #302 )
2023-07-20 21:35:04 +02:00
873d96d0a0
Refactor code by using switch instead of if-else ( #318 )
2023-07-18 08:44:48 +02:00
f53600aa9f
Refactor example: use io.ReadAll instead of io.Copy ( #320 )
2023-07-18 08:42:22 +02:00
b2b650971a
Reformat code: add whitespaces, remove empty lines ( #319 )
2023-06-21 12:39:55 +02:00
33d62b4dae
Fix typos in comments and test names ( #317 )
2023-06-13 15:12:40 +02:00
0da169122f
Using jwt's native `ErrInvalidType` instead of `json.UnsupportedTypeError` ( #316 )
...
Previously, when parsing claim values, we used `json.UnsupportedTypeError` to denote if a claim string value is not of the correct type. However, this could lead to panics if a nil value is present and the `Error` function of the `json.UnsupportedTypeError` is called, which does not check for nil types.
Instead, we just now use `ErrInvalidType` similar to the map claims.
Fixes #315
2023-06-09 14:54:51 +02:00
5e00fbc8e7
enable jwt.ParsePublicKeyFromPEM to parse PKCS1 Public Key ( #120 )
2023-04-17 18:59:03 +02:00
6c9126f9c6
Last Documentation cleanups for `v5` release ( #291 )
...
* Updated MIGRATION_GUIDE.md after changes to Token and Parser
* Updated doc
* Cleanup of README and refer to project page
* Update MIGRATION_GUIDE.md
Co-authored-by: Michael Fridman <mf192@icloud.com>
* Wrapping markdown files at 80
---------
Co-authored-by: Michael Fridman <mf192@icloud.com>
2023-04-10 10:33:52 +02:00
5ea71e36a0
Added coverage reporting ( #304 )
...
Co-authored-by: Michael Fridman <mf192@icloud.com>
2023-04-10 10:23:00 +02:00
b88a60f2d7
Bump actions/setup-go from 3 to 4 ( #300 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-31 13:29:59 +02:00
7342a71265
Bump actions/checkout from 2 to 3 ( #299 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-31 13:29:34 +02:00
8cde7faf81
Added dependabot updates for GitHub actions ( #298 )
2023-03-31 13:26:46 +02:00
15f96b0627
Add golangci-lint ( #279 )
...
* Add golangci-lint-action
* Upgrading CodeQL to v2
* Fixed linting errors
---------
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2023-03-31 13:20:59 +02:00
843e9bfe4d
add documentation to hmac `Verify` & `Sign` to detail why string is not an advisable input for key ( #249 )
...
* add documentation around Verify & Sign to detail why string is not an advisable input for key
* Refer to the usage guide
---------
Co-authored-by: Dillon Streator <dillonstreator@Dillons-2nd-MacBook-Pro.local>
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2023-03-31 13:19:48 +02:00
1c4047f488
Adjusting the error checking example ( #270 )
...
This PR adjusts the error checking example so that a check for an invalid signature is also included.
See discussion in #143
2023-03-24 23:11:38 +01:00
b357385d3e
Moving `DecodeSegement` to `Parser` ( #278 )
...
* Moving `DecodeSegement` to `Parser`
This would allow us to remove some global variables and move them to parser options as well as potentially introduce interfaces for json and b64 encoding/decoding to replace the std lib, if someone wanted to do that for performance reasons.
We keep the functions exported because of explicit user demand.
* Sign/Verify does take the decoded form now
2023-03-24 19:13:09 +01:00
c6ec5a22b4
Update MIGRATION_GUIDE.md ( #289 )
...
* Update MIGRATION_GUIDE.md
Saw one typo, spent a few minutes improving a few paragraphs.
2023-03-24 19:10:52 +01:00
0d2f0d4809
remove string slice and strings.join ( #115 )
2023-02-21 21:28:00 -05:00
148d710109
`v5` Pre-Release ( #234 )
...
Co-authored-by: Micah Parks <66095735+MicahParks@users.noreply.github.com>
Co-authored-by: Michael Fridman <mf192@icloud.com>
2023-02-21 14:32:25 +01:00
4fd5621d8d
Added GitHub Actions Markdown ( #260 )
2023-02-19 14:01:18 +01:00
9358574a7a
Allow strict base64 decoding ( #259 )
...
By default base64 decoder works in non-strict mode which
allows tweaking signatures having padding without failing validation.
This creates a potential problem if application treats token value as an identifier.
For example ES256 signature has length of 64 bytes and two padding symbols (stripped by default).
Therefore its base64-encoded value can only end with A, Q, g and w.
In non-strict mode last symbol could be tweaked resulting in 16 distinct
token values having the same signature and passing validation.
This change adds backward-compatible global config variable DecodeStrict
(similar to existing DecodePaddingAllowed) that enables strict base64 decoder mode.
See also https://github.com/golang/go/issues/15656 .
Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
2022-12-09 18:04:03 +01:00
2f0984a28b
Using `tparse` for nicer CI test display ( #251 )
2022-11-29 10:00:41 -05:00
2101c1f4bc
No pointer embedding in the example ( #255 )
...
Fixes #223
2022-11-08 15:43:45 +01:00
35053d4e20
Removed unneeded if statement ( #241 )
2022-10-15 14:38:07 +02:00
0c4e387985
Add doc comment to ParseWithClaims ( #232 )
2022-09-26 10:01:52 -04:00
bfea432b1a
Include https://github.com/golang-jwt/jwe in README ( #229 )
2022-08-20 17:04:58 +02:00
d81acbf7f3
Bump matrix to support latest go version (go1.19) ( #231 )
...
* Bump matrix to support latest go version (go1.19)
* Fix comment
2022-08-20 16:53:04 +02:00
fdaf0eb0e0
Implement a BearerExtractor ( #226 )
...
* Implement a BearerExtractor
This is a rather common extractor; it extracts the JWT from the HTTP
Authorization header, expecting it to include the "Bearer " prefix.
This patterns is rather common and this snippet is repeated in enough
applications that it's probably best to just include it upstream and
allow reusing it.
* Ignore case-sensitivity for "Bearer"
2022-08-19 13:59:36 +02:00
f2878bb94b
fix: link update for README.md for v4 ( #217 )
...
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2022-08-15 12:45:52 +02:00
9294af54b5
chore: remove unused claims in RSA table driven test ( #212 )
2022-06-04 08:03:41 -04:00
2da0bf7566
Fixed integer overflow in NumericDate.MarshalJSON ( #200 )
2022-06-03 22:13:34 -04:00
8fb42696ff
Update SECURITY.md ( #207 )
2022-05-28 21:53:11 +02:00
cf43decf7c
Create SECURITY.md ( #171 )
2022-05-28 12:40:34 -04:00
4426925f0c
CI check for Go code formatting ( #206 )
...
Signed-off-by: jay-dee7 <jasdeepsingh.uppal@gmail.com>
Co-authored-by: jay-dee7 <jasdeepsingh.uppal@gmail.com>
2022-05-28 16:03:15 +02:00
f6c6299f67
chore: replace ioutil with io and os ( #198 )
2022-05-27 19:11:16 -04:00
89a6400b7f
add installation guidelines to the README file ( #204 )
2022-05-27 19:07:25 -04:00
6e2ab4291f
docs: update link to pkg.go.dev page ( #195 )
2022-04-19 17:45:50 +02:00
83478b3c8f
Added MicahParks/keyfunc to extensions ( #194 )
2022-04-18 22:01:59 +02:00
0972257eba
Revert "feat: port clockskew support ( #139 )" ( #184 )
...
This reverts commit d489c99d3e
2022-03-26 10:13:03 -04:00
1096e506e6
Add go1.18 to ci pipeline ( #173 )
2022-03-18 07:15:45 -04:00
d489c99d3e
feat: port clockskew support ( #139 )
...
Co-authored-by: Kolawole Segun <Kolawole.Segun@kyndryl.com>
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2022-03-08 08:43:46 +01:00
6de17d3b3e
fix: expired token error message ( #165 )
2022-02-15 08:31:33 -05:00
279dd19720
Set json encoding precision ( #162 )
2022-02-09 21:54:31 -05:00
Michael Fridman