Geert Vanderkelen
cb914dd542
Handle ValidationError returned by keyFunc in jwt.ParseWithClaims
...
Previously, returning a `jwt.ValidationError` from `jwt.Parse()` or
`jwt.ParseWithClaims()` would result values the error to be
ignored.
For example, when testing the signature while parsing the token, it
was not possible to return `jwt.ValidationErrorSignatureInvalid`.
The documentation shows an example for returning an `errors.Error`,
but this is not enough.
We change the `jwt.ParseWithClaims()`-function and check whether the
returned error from the `KeyFunc` is already a
`jwt.ValidationError`-type and return as-is.
This allows us to do the following:
token, err := jwt.ParseWithClaims(authToken, claims, func(token
*jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
vErr := new(jwt.ValidationError)
vErr.Errors = jwt.ValidationErrorSignatureInvalid
vErr.Inner = fmt.Errorf("invalid signature")
return nil, vErr
}
return []byte(MySecret), nil
})
The idea is to then be able to check the `Errors`-member:
} else if ve.Errors&jwt.ValidationErrorSignatureInvalid != 0 {
return fmt.Errorf("Authentication Token has invalid signature")
}
2017-06-28 09:16:23 +02:00
Dave Grijalva
a539ee1a74
Merge pull request #218 from zoofood/patch-1
...
minor typo
2017-06-07 17:51:49 -07:00
Jeff Rouse
b425822dfa
minor typo
2017-06-07 17:13:34 -07:00
Dave Grijalva
6c8dedd55f
updated note on alg type vulnerability
2017-05-08 09:54:58 -07:00
Yuri
c1d75b01d5
A better error msg
...
Change ErrInvalidKey to ErrInvalidKeyType
2017-04-01 16:04:41 +08:00
Zach Collier
fd360ca1aa
add godoc icon
2017-03-16 10:55:35 -06:00
Dave Grijalva
2268707a8f
Merge pull request #183 from hnakamur/support_rs256_in_jwt_command
...
Support RS256 algorithm in jwt command
2017-02-01 14:58:49 -08:00
Dave Grijalva
e0b2941cad
Merge pull request #196 from dgrijalva/dg/cmd_args
...
Allow claims and headers to be specified at command line
2017-02-01 10:44:39 -08:00
Dave Grijalva
aaadee5836
s/head/header/
2017-02-01 10:44:25 -08:00
Dave Grijalva
53194fccb3
allow claims and headers to be specified at command line
2017-01-31 11:36:56 -08:00
Dave Grijalva
a601269ab7
Merge pull request #190 from jamesrwhite/patch-1
...
Clarify hmacSampleSecret type
2017-01-04 10:22:50 -08:00
James White
b08784ba5a
Clarify hmacSampleSecret type
...
From looking at the godoc for this (https://godoc.org/github.com/dgrijalva/jwt-go#example-Parse--Hmac ) it isn't clear what the type of hmacSampleSecret should be as you can't see the rest of this file. I ended up having to search through the code to figure out it needed to be a byte array.
2017-01-04 11:40:11 +00:00
Hiroaki Nakamura
c5d6625a50
Support RS256 algorithm in jwt command
2016-11-21 18:56:50 +09:00
Joao Aguiar
053ba766a6
Added passoword protect PEM support
2016-11-03 17:50:08 +00:00
Dave Grijalva
9ed569b5d1
Merge pull request #180 from kevinburke/fix-unreachable
...
Remove unreachable code
2016-11-01 12:39:35 -07:00
Kevin Burke
e58d3b7548
Remove unreachable code
...
`go vet` on Go 1.8 errors because this line of code is unreachable. Adds
a check that new code passes go vet, and adds Go 1.7 to travisci.
2016-11-01 09:59:08 -07:00
zimbatm
f46fb7ef12
ParseUnverified: add tests
2016-09-14 15:23:18 +01:00
zimbatm
bf316c4813
Introduce (*Parser).ParseUnverified
...
This is not something users of this library would commonly use but I'm
hitting a case where I still want to transmit the values contained
inside of the token trough the system, after it's been verified by the
frontend.
In that case it would be easier just to transmit the token around and be
able to parse the values within, without having to verify the signature.
The backend services also don't have access to the user secrets to
validate the signature.
2016-09-14 15:23:18 +01:00
Dave Grijalva
24c63f5652
Merge pull request #166 from johnlockwood-wf/issue-165-missing-arg
...
Add the missing name arg
2016-08-31 11:35:34 -07:00
John.Lockwood
7ff66c6bff
Add the missing name arg
2016-08-26 21:32:44 -07:00
Dave Grijalva
63734eae1e
Merge pull request #151 from zaichang/FixMigrationGuide
...
Fixed migration guide request.ParseFromRequest example code
2016-07-29 09:48:51 -07:00
Zai
227c99f1af
Fixed migration guide request.ParseFromRequest example code
2016-07-20 18:09:44 +02:00
Dave Grijalva
01aeca54eb
Merge pull request #146 from pkieltyka/master
...
Parser flag to skip claims validation during token parsing
2016-07-05 13:30:06 -07:00
Peter Kieltyka
c9eaceb289
Parser flag to skip claims validation during token parsing
2016-06-21 16:11:54 -04:00
Dave Grijalva
f077707632
Merge pull request #140 from kazhuravlev/patch-1
...
Fix links
2016-06-17 10:01:58 -07:00
kazhuravlev
1e9b4c4c60
Fix links
2016-06-17 17:04:01 +03:00
Dave Grijalva
d2709f9f1f
Merge pull request #77 from dgrijalva/release_3_0_0
...
Release 3.0.0
2016-06-16 12:15:56 -07:00
Dave Grijalva
d8c133f558
Merge branch 'master' into release_3_0_0
2016-06-16 12:16:07 -07:00
Dave Grijalva
268038b363
v2.7.0
2016-06-16 12:14:24 -07:00
Dave Grijalva
4638392845
updated documentation to reflect the supported draft version
2016-06-15 16:56:01 -07:00
Dave Grijalva
5fbf45924d
errors only have an exposed Inner property if the error was generated by another library
2016-06-15 16:42:50 -07:00
Dave Grijalva
2ed748cd9c
updated documentation. moved migration guide to separate doc
2016-06-15 10:49:54 -07:00
Dave Grijalva
0fbf86c98b
documentation update
2016-06-08 11:38:48 -07:00
Dave Grijalva
f1a773028f
added a simple http example
2016-06-08 11:36:38 -07:00
Dave Grijalva
320d20e631
Merge branch 'release_3_0_0' of github.com:dgrijalva/jwt-go into release_3_0_0
2016-06-07 10:34:42 -07:00
Dave Grijalva
6fd0370e43
Merge branch 'master' of https://github.com/martinlindhe/jwt-go into patch_109
2016-06-07 10:34:06 -07:00
Dave Grijalva
b4ac4e4998
Merge pull request #137 from dgrijalva/dg/extractor
...
Add new interface Extractor for making token extraction pluggable
2016-06-07 10:01:39 -07:00
Dave Grijalva
c5c24ad06a
updated version history
2016-06-06 18:22:25 -07:00
Dave Grijalva
317b82a681
Merge remote-tracking branch 'origin/master' into release_3_0_0
2016-06-06 18:20:35 -07:00
Dave Grijalva
fa2cc68895
version history
2016-06-06 18:08:17 -07:00
Dave Grijalva
c04502f106
notice about imminent 3.0.0
2016-06-06 17:56:07 -07:00
Dave Grijalva
5eef21b7ed
a few examples and some documentation cleanup
2016-06-06 17:45:30 -07:00
Dave Grijalva
f93fcfd3f9
unit tests for extractor
2016-06-06 17:18:24 -07:00
Dave Grijalva
de0a819d8d
added documentation
2016-06-06 16:55:41 -07:00
Dave Grijalva
bb45bfcdec
add new interface Extractor for making token extraction pluggable
2016-06-06 15:27:44 -07:00
Dave Grijalva
9b486c879b
Merge pull request #136 from bruston/keyfunc-typo
...
Fix typo in KeyFunc documentation
2016-05-31 11:11:19 -07:00
Benjamin Ruston
e1403b0ab2
Fix typo in KeyFunc documentation
2016-05-27 14:22:35 +01:00
Dave Grijalva
40bd0f3b48
fixes #135 copy/paste error in rsa decoding tools
2016-05-04 10:25:48 -07:00
Dave Grijalva
0ef1a002d3
Merge pull request #132 from abourget/master
...
Implement a "-show" command too.. for debugging purposes..
2016-05-04 10:21:10 -07:00
Dave Grijalva
3cf07b8a28
Merge pull request #133 from johnlockwood-wf/expire-delta
...
Include expire delta in error message
2016-05-04 10:20:39 -07:00