Commit Graph

20 Commits

Author SHA1 Message Date
Christian Banse 1e16f55059 Inlining application-specific validation 2023-02-19 19:56:30 +01:00
Christian Banse 1ef0fe8cd4 New validation API (#236)
* New Validation API

Some guidelines in designing the new validation API

* Previously, the `Valid` method was placed on the claim, which was always not entirely semantically correct, since the validity is concerning the token, not the claims, although the validity of the token is based on the processing of the claims (such as `exp`). Therefore, the function `Valid` was removed from the `Claims` interface and the single canonical way to retrieve the validity of the token is to retrieve the `Valid` property of the `Token` struct.
* The previous fact was enhanced by the fact that most claims implementations had additional exported `VerifyXXX` functions, which are now removed
* All validation errors should be comparable with `errors.Is` to determine why a particular validation has failed
* Developers want to adjust validation options. Popular options include:
  * Leeway when processing exp, nbf, iat
  * Not verifying `iat`, since this is actually just an informational claim. When purely looking at the standard, this should probably be the default
  * Verifying `aud` by default, which the standard actually sort of demands. We need to see how strongly we want to enforce this
* Developers want to create their own claim types, mostly by embedding one of the existing types such as `RegisteredClaims`.
  * Sometimes there is the need to further tweak the validation of a token by checking the value of a custom claim. Previously, this was possible by overriding `Valid`. However, this was error-prone, e.g., if the original `Valid` was not called. Therefore, we should provide an easy way for *additional* checks, without bypassing the necessary validations

This leads to the following two major changes:

* The `Claims` interface now represents a set of functions that return the mandatory claims represented in a token, rather than just a `Valid` function. This is also more semantically correct.
* All validation tasks are offloaded to a new (optional) `validator`, which can also be configured with appropriate options. If no custom validator was supplied, a default one is used.

Co-authored-by: Micah Parks <66095735+MicahParks@users.noreply.github.com>
2022-12-09 18:47:09 +01:00
Christian Banse a90858af11 Starting `v5` development
This commit serves as the basis for further `v5` developments. It will introduce some API-breaking changes, especially to the way tokens are validated. This will allow us to provide some long-wanted features with regards to the validation API. We are aiming to do this as smoothly as possible, however, with any major version, please expect that you might need to adapt your code.

The actual development will be done in the course of the next week, if time permits. It will be done in separate PRs that will use this PR as a base. Afterwards, we will probably merge this and release an initial 5.0.0-alpha1 or similar.
2022-12-09 18:04:31 +01:00
Christian Banse 78a18c0808
Implementing `Is(err) bool` to support Go 1.13 style error checking (#136) 2022-01-19 22:55:19 +01:00
Christian Banse 80625fb516
Backwards-compatible implementation of RFC7519's registered claim's structure (#15)
This PR aims at implementing compliance to RFC7519, as documented in #11 without breaking the public API. It creates a new struct `RegisteredClaims` and deprecates (but not removes) the `StandardClaims`. It introduces a new type `NumericDate`, which represents a JSON numeric date value as specified in the RFC. This allows us to handle float as well as int-based time fields in `aud`, `exp` and `nbf`. Additionally, it introduces the type `StringArray`, which is basically a wrapper around `[]string` to deal with the oddities of the JWT `aud` field.
2021-08-22 19:23:13 +02:00
Michael Fridman 2ebb50f957
Adds go module support /v4 (#41)
Additionally, added `staticcheck` for basic static code analysis (#44)

Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-08-03 15:51:01 +02:00
Sadman Sakib 6a07921e68
Enable go module support for the project (#3)
* initial go module file

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* fix linting issues

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* rename module to golang-jwt/jwt

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* Renamed imports to match with go module name.

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* update travis for latest go versions

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* Set go version to 1.14

lowered the go version to make it consistent with matrix build

* revert accidental changes while renaming

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* remove travis CI

no longer needed since github actions workflow was created for the
project

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* Revert "remove travis CI"

This reverts commit b3ae57f710.

* update travis for older go versions
2021-05-28 21:26:41 -04:00
Dave Grijalva 5e270fa6cd changed argument order to put claims type before keyfunc. this is easier to read when keyfunc is an inline closure 2016-04-12 16:25:25 -07:00
Dave Grijalva 0c245a4f7e added example of parsing using custom type 2016-04-12 13:33:20 -07:00
Dave Grijalva c466333a1b expanded usefulness and correctness of examples 2016-04-12 13:18:31 -07:00
Dave Grijalva 9c00ec7ce7 more/simpler examples 2015-08-18 13:28:52 -07:00
Dave Grijalva e0b58f1724 MapClaim -> MapClaims 2015-08-18 10:18:57 -07:00
Dave Grijalva a1fc9b87e6 fixed ordering of map output in example test 2015-08-18 09:45:50 -07:00
Jamie Stackhouse ddfa84b397 Changed test to explicitly show that you can change the map without type
asserting every call.
2015-07-22 13:53:37 -03:00
Jamie Stackhouse 6f536a0d2d Changed example to use Output test. 2015-07-22 13:48:42 -03:00
Jamie Stackhouse b00e282378 Update README with some migration information. 2015-07-20 13:20:18 -03:00
Jamie Stackhouse a33fdf927a Going through and updating tests to pass.
Still need to add a test that utilizes the defaults of the structured
object.

Update Cmdline app

Update package reference for PR.

Update examples
2015-07-17 15:14:04 -03:00
Dave Grijalva fb5e9d4418 updated ExampleNew with correct key type 2015-01-13 21:31:08 -08:00
Dave Grijalva d9679c1420 added some examples of unpacking errors from the bitfield 2014-12-28 12:44:46 -08:00
Dave Grijalva db4251f9dd added examples 2014-12-28 12:24:54 -08:00