Lukas Gruber
48c6492764
allow multiple audiences
2024-12-17 16:45:55 +01:00
Christian Banse
bc8bdca5cc
Update SECURITY.md (#416)
2024-11-04 07:57:43 +01:00
kvii
5ec246c074
docs: typo (#407)
2024-09-05 20:39:08 -04:00
Alexander Yastrebov
0123f1ad66
Fix jwt -show (#406)
2024-09-05 20:38:10 -04:00
Michael Fridman
f961c72abd
chore: bump ci tests to include go1.23 (#405)
2024-08-16 08:47:03 -04:00
dependabot[bot]
62e504c281
Bump golangci/golangci-lint-action from 5 to 6 (#389)
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 5 to 6.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 08:06:47 -04:00
dependabot[bot]
1a56dcf532
Bump golangci/golangci-lint-action from 4 to 5 (#387)
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4 to 5.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v4...v5)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-29 12:14:30 +02:00
Michael Fridman
c8043eab61
build: add go1.22 to ci workflows (#383)
2024-03-15 22:24:06 -04:00
Ashik Paul
7c3f6dc563
Update README.md (#382)
2024-03-15 22:21:28 -04:00
dependabot[bot]
80dccb9209
Bump golangci/golangci-lint-action from 3 to 4 (#379)
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 12:49:14 +01:00
Shinya Sakae
6bcdd9d5b6
Fix error return from HMAC signing method (#371)
2024-01-25 22:10:11 -05:00
Tim Scheuermann
3c0777d0c9
Fixes typo in ecdsa error message (#373)
2024-01-12 19:22:13 +01:00
Håvard Anda Estensen
4d0edcd99c
chore: remove unnecessary conversions from tests (#370)
2023-12-21 13:42:56 -05:00
dependabot[bot]
9980931f80
Bump github/codeql-action from 2 to 3 (#369)
2023-12-19 19:35:01 -05:00
dependabot[bot]
8ab6606c2f
Bump actions/setup-go from 4 to 5 (#365)
...
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-11 11:42:49 +01:00
John Barham
b27c88965d
Update MIGRATION_GUIDE.md (#363)
...
Use correct path for v4 migration
2023-11-24 08:36:09 +01:00
Laurin-Notemann
b05644bf94
Improve ErrInvalidKeyType error messages (#361)
...
* Improve ErrInvalidKeyType error message
* add specific expected type to error message
* fix ErrInvalidKey error to ErrInvalidKeyType in rsa and rsapss
* format
* revert changes from example_test.go remove the comments
* fix: update the signing names to uppercase
2023-11-17 19:45:07 +01:00
Christian Banse
a49fa5d91d
Exported `NewValidator` (#349)
...
* Exported `NewValidator`
Previously, we had `newValidator` as a private function. This PR exports this function so that validation can be done independently of parsing the claim.
2023-11-08 14:21:44 +01:00
Craig Pastro
c776b83291
Add error handling to examples (#312)
2023-10-09 21:31:36 +02:00
Tarek Sharafi
908d356713
feat: allow making exp claim required (#351)
2023-10-09 19:58:20 +02:00
Mike Fridman
0cb4fa15e3
docs: fix comment in KeyFunc
2023-09-13 09:39:26 -04:00
Ed Pelc
c80de55abe
Add explicit ClaimsValidator implementation check for custom claims (#343)
...
* Add explicit ClaimsValidator implementation check for custom claims
Prevent user from misnaming or fat fingering the Validate() method implementation.
* Update example_test.go
---------
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2023-09-13 15:34:54 +02:00
Michael Fridman
1e76606719
Key rotation with VerificationKeySet (#344)
2023-09-12 21:29:27 -04:00
dependabot[bot]
1691aa9e6f
Bump actions/checkout from 3 to 4 (#346)
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-11 12:07:39 +02:00
Michael Fridman
27ff2f3868
Update ci workflows (add go1.21) (#345)
2023-09-09 18:22:02 -04:00
Eduardo Haesbaert
6879d2cf1f
Update ParseUnverified godoc (#341)
2023-08-22 14:26:47 -04:00
Craig Pastro
78e25d6b09
Avoid use of json.NewDecoder (#313)
...
* Avoid use of json.NewDecoder
Avoid use of json.NewDecoder if not needed.
Resolves #303
2023-08-15 17:06:50 +02:00
Oleksandr Redko
8aa5d6cef8
Refactor to use strings.EqualFold (#329)
2023-08-03 11:27:46 -04:00
Oleksandr Redko
fc86f52277
Refactor by removing unnecessary []byte conversion to string (#330)
2023-08-03 11:26:45 -04:00
Dcalsky
8b7470d561
perf: quick way to validate token string (#302)
2023-07-20 21:35:04 +02:00
Oleksandr Redko
873d96d0a0
Refactor code by using switch instead of if-else (#318)
2023-07-18 08:44:48 +02:00
Oleksandr Redko
f53600aa9f
Refactor example: use io.ReadAll instead of io.Copy (#320)
2023-07-18 08:42:22 +02:00
Oleksandr Redko
b2b650971a
Reformat code: add whitespaces, remove empty lines (#319)
2023-06-21 12:39:55 +02:00
Oleksandr Redko
33d62b4dae
Fix typos in comments and test names (#317)
2023-06-13 15:12:40 +02:00
Christian Banse
0da169122f
Using jwt's native `ErrInvalidType` instead of `json.UnsupportedTypeError` (#316)
...
Previously, when parsing claim values, we used `json.UnsupportedTypeError` to denote if a claim string value is not of the correct type. However, this could lead to panics if a nil value is present and the `Error` function of the `json.UnsupportedTypeError` is called, which does not check for nil types.
Instead, we just now use `ErrInvalidType` similar to the map claims.
Fixes #315
2023-06-09 14:54:51 +02:00
Tom Anderson
5e00fbc8e7
enable jwt.ParsePublicKeyFromPEM to parse PKCS1 Public Key (#120)
2023-04-17 18:59:03 +02:00
Christian Banse
6c9126f9c6
Last Documentation cleanups for `v5` release (#291)
...
* Updated MIGRATION_GUIDE.md after changes to Token and Parser
* Updated doc
* Cleanup of README and refer to project page
* Update MIGRATION_GUIDE.md
Co-authored-by: Michael Fridman <mf192@icloud.com>
* Wrapping markdown files at 80
---------
Co-authored-by: Michael Fridman <mf192@icloud.com>
2023-04-10 10:33:52 +02:00
Christian Banse
5ea71e36a0
Added coverage reporting (#304)
...
Co-authored-by: Michael Fridman <mf192@icloud.com>
2023-04-10 10:23:00 +02:00
dependabot[bot]
b88a60f2d7
Bump actions/setup-go from 3 to 4 (#300)
...
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-31 13:29:59 +02:00
dependabot[bot]
7342a71265
Bump actions/checkout from 2 to 3 (#299)
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-31 13:29:34 +02:00
Christian Banse
8cde7faf81
Added dependabot updates for GitHub actions (#298)
2023-03-31 13:26:46 +02:00
Michael Fridman
15f96b0627
Add golangci-lint (#279)
...
* Add golangci-lint-action
* Upgrading CodeQL to v2
* Fixed linting errors
---------
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2023-03-31 13:20:59 +02:00
dillonstreator
843e9bfe4d
add documentation to hmac `Verify` & `Sign` to detail why string is not an advisable input for key (#249)
...
* add documentation around Verify & Sign to detail why string is not an advisable input for key
* Refer to the usage guide
---------
Co-authored-by: Dillon Streator <dillonstreator@Dillons-2nd-MacBook-Pro.local>
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2023-03-31 13:19:48 +02:00
Christian Banse
1c4047f488
Adjusting the error checking example (#270)
...
This PR adjusts the error checking example so that a check for an invalid signature is also included.
See discussion in #143
2023-03-24 23:11:38 +01:00
Christian Banse
b357385d3e
Moving `DecodeSegement` to `Parser` (#278)
...
* Moving `DecodeSegement` to `Parser`
This would allow us to remove some global variables and move them to parser options as well as potentially introduce interfaces for json and b64 encoding/decoding to replace the std lib, if someone wanted to do that for performance reasons.
We keep the functions exported because of explicit user demand.
* Sign/Verify does take the decoded form now
2023-03-24 19:13:09 +01:00
Liam Newman
c6ec5a22b4
Update MIGRATION_GUIDE.md (#289)
...
* Update MIGRATION_GUIDE.md
Saw one typo, spent a few minutes improving a few paragraphs.
2023-03-24 19:10:52 +01:00
Mones Zarrugh
0d2f0d4809
remove string slice and strings.join (#115)
2023-02-21 21:28:00 -05:00
Christian Banse
148d710109
`v5` Pre-Release (#234)
...
Co-authored-by: Micah Parks <66095735+MicahParks@users.noreply.github.com>
Co-authored-by: Michael Fridman <mf192@icloud.com>
2023-02-21 14:32:25 +01:00
Christian Banse
4fd5621d8d
Added GitHub Actions Markdown (#260)
2023-02-19 14:01:18 +01:00
Alexander Yastrebov
9358574a7a
Allow strict base64 decoding (#259)
...
By default, the base64 decoder works in non-strict mode, which
allows tweaking signatures having padding without failing validation.
This creates a potential problem if an application treats the token value as an identifier.
For example, an ES256 signature has a length of 64 bytes and two padding symbols (stripped by default).
Therefore its base64-encoded value can only end with A, Q, g and w.
In non-strict mode the last symbol could be tweaked, resulting in 16 distinct
token values having the same signature and passing validation.
This change adds a backward-compatible global config variable DecodeStrict
(similar to the existing DecodePaddingAllowed) that enables strict base64 decoder mode.
See also https://github.com/golang/go/issues/15656.
Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
2022-12-09 18:04:03 +01:00